"Not enough segments" when seding a GET message with Bearer Token Authorization Header (flask_restful + flask_jwt_extended)

Question

I got this error in Flask Application:

curl http://0.0.0.0:8080/ -H "Authorization: Bearer TGazPL9rf3aIftplCYDTGDc8cbTd"
{
  "msg": "Not enough segments"
}

Here a sample:

from flask import Flask
from flask_restful import Resource, Api
from flask_jwt_extended import JWTManager, jwt_required

app = Flask(__name__)
jwt = JWTManager(app)
api = Api(app)


class HelloWorld(Resource):
    @jwt_required
    def get(self):
        return {'hello': 'world'}


api.add_resource(HelloWorld, '/')

Console:

 * Serving Flask app "app.py" (lazy loading)
 * Environment: development
 * Debug mode: on
 * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger PIN: 890-265-009
127.0.0.1 - - [26/Apr/2020 02:02:32] "GET / HTTP/1.1" 422 -

I can't understand: What's wrong?

The exception has been thrown in other lib (line 183 in site-packages/jwt/api_jws.py):

  def _load(self, jwt):
        if isinstance(jwt, text_type):
            jwt = jwt.encode('utf-8')

        if not issubclass(type(jwt), binary_type):
            raise DecodeError("Invalid token type. Token must be a {0}".format(
                binary_type))

        try:
            signing_input, crypto_segment = jwt.rsplit(b'.', 1)
            header_segment, payload_segment = signing_input.split(b'.', 1)
        except ValueError:
            raise DecodeError('Not enough segments')

Answer 1

The token you are trying to pass in (TGazPL9rf3aIftplCYDTGDc8cbTd)is not a valid JWT. A valid JWT has three segments separated by dots: <base64_encoded_header>.<base64_encoded_payload>.<signature>. You can read more about it here: https://jwt.io/introduction/

Answer 2

I will post here an answer related to my initial problem above, the context is that I was trying to user flask_jwt_extend to use in firebase authentication, but I have this "Not enough segments" errors and I got blocked.

So after that, I change my code to:

from flask import Flask, request
from flask_restful import Resource, Api
from functools import wraps
import google.auth.transport.requests
import google.oauth2.id_token

app = Flask(__name__)
api = Api(app)
HTTP_REQUEST = google.auth.transport.requests.Request()


def jwt_required_gcp(fn):
    @wraps(fn)
    def wrapper(*args, **kwargs):
        id_token = request.headers['Authorization'].split(' ').pop()
        claims = google.oauth2.id_token.verify_firebase_token(
            id_token, HTTP_REQUEST)
        if not claims:
            return 'Unauthorized', 401
        return fn(*args, **kwargs)
    return wrapper


class HelloWorld(Resource):
    @jwt_required_gcp
    def get(self):
        return {'hello': 'world'}


api.add_resource(HelloWorld, '/')

Answer 3

Check your JWT Token. Is it valid?

@fresh_jwt_required - fresh_jwt_required() function to only allow fresh tokens to access the certain endpoint

@jwt_required - A decorator to protect a Flask endpoint with JSON Web Tokens. Any route decorated with this will require a valid JWT to be present in the request (unless optional=True, in which case no JWT is also valid) before the endpoint can be called.

For more detail review flask-jwt-extended