Error when using HS256

Annyv2 · web-flow · commit 2992fe52c8c6 · 2017-06-04T20:11:29.000+02:00
diff --git a/00-Starter-Seed/server.py b/00-Starter-Seed/server.py
@@ -80,6 +80,10 @@ def decorated(*args, **kwargs):
             return handle_error({"code": "invalid_header",
                                  "description": "Invalid header. "
                                                 "Use an RS256 signed JWT Access Token"}, 401)
+        if unverified_header["alg"] == "HS256":
+            return handle_error({"code": "invalid_header",
+                                 "description": "Invalid header. "
+                                                "Use an RS256 signed JWT Access Token"}, 401)
         rsa_key = {}
         for key in jwks["keys"]:
             if key["kid"] == unverified_header["kid"]:
