oidc-exchange: fix padding

woodruffw · woodruffw · commit ba3ecc93555a · 2023-08-10T16:08:35.000-04:00
Signed-off-by: William Woodruff &lt;william@trailofbits.com&gt;
diff --git a/oidc-exchange.py b/oidc-exchange.py
@@ -144,6 +144,9 @@ def assert_successful_audience_call(resp: requests.Response, domain: str):
 
 def render_claims(token: str) -> str:
     _, payload, _ = token.split(".", 2)
+
+    # urlsafe_b64decode needs padding; JWT payloads don't contain any.
+    payload += "=" * (4 - (len(payload) % 4))
     claims = json.loads(base64.urlsafe_b64decode(payload))
 
     def _get(name: str) -> str:  # noqa: WPS430
@@ -207,7 +210,8 @@ def _get(name: str) -> str:  # noqa: WPS430
 
     die(
         _SERVER_REFUSED_TOKEN_EXCHANGE_MESSAGE.format(
-            reasons=reasons, rendered_claims=rendered_claims,
+            reasons=reasons,
+            rendered_claims=rendered_claims,
         ),
     )
 
