Warn about deprecations only if token decoding succeeds #600
Conversation
anakinj
force-pushed
the
context-specific-deprecation-warnings
branch
from
3fa1014
to
13d0f0a
Compare
anakinj
changed the title
anakinj
force-pushed
the
context-specific-deprecation-warnings
branch
from
13d0f0a
to
af64e35
Compare
|
@jeremyevans If you have some spare time could you check out this attempt to warn about the upcoming stricter base64 decoding only if the token validation is a success. |
anakinj
force-pushed
the
context-specific-deprecation-warnings
branch
from
af64e35
to
d5dd4e5
Compare
There was a problem hiding this comment.
I didn't test this code, but reading it, it looks like if you rescue the exception, the warning won't be emitted then, but it will be emitted later, after the next attempt that does not raise in the same thread.
I'll submit a pull request for an alternative approach and get your thoughts about it.
|
You were right, the warnings leaked over to the next call of decode. Did a little adjustment to prevent that. |
My approach in #601 is simpler, does not mess with thread-local state, and uses uplevel to make it easier to find the underlying cause of the problem. It does require base64 decoding segments twice, but as most JWTs are small, I don't expect that should be a significant performance issue. However, either #601 or this PR will fix the problem, so I'm fine with either. |
|
@jeremyevans Thanks for your interest and insight on this one. I decided to go with this more complex and hacky version. Just to avoid doing something for every token decode that goes via that method. |
Description
This should fix the spammy deprecation warnings reported in #595
Checklist
Before the PR can be merged be sure the following are checked: