Bug 2454248

Summary: python-jwt fails to build with Python 3.15: FutureWarning: invalid character '/' in URL-safe Base64 data will be discarded in future Python versions
Product: [Fedora] Fedora Reporter: Karolina Surma <ksurma>
Component: python-jwtAssignee: Fedora Infrastructure SIG <infra-sig>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: carl, infra-sig, kevin, ksurma, mhroncok, msuchy
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2412434    

Description Karolina Surma 2026-04-02 08:20:15 UTC 
python-jwt fails to build with Python 3.15.0a7.

___________ test_decodes_complete_valid_jwt_with_compressed_payload ____________

    def test_decodes_complete_valid_jwt_with_compressed_payload() -> None:
        # Test case from https://github.com/jpadilla/pyjwt/pull/753/files
        example_payload = {"hello": "world"}
        example_secret = "secret"
        # payload made with the pako (https://nodeca.github.io/pako/) library in Javascript:
        # Buffer.from(pako.deflateRaw('{"hello": "world"}')).toString('base64')
        example_jwt = (
            b"eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9"
            b".q1bKSM3JyVeyUlAqzy/KSVGqBQA="
            b".08wHYeuh1rJXmcBcMrz6NxmbxAnCQp2rGTKfRNIkxiw="
        )
>       decoded = CompressedPyJWT().decode_complete(
            example_jwt, example_secret, algorithms=["HS256"]
        )

tests/test_compressed_jwt.py:28: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
../BUILDROOT/usr/lib/python3.15/site-packages/jwt/api_jwt.py:262: in decode_complete
    decoded = self._jws.decode_complete(
../BUILDROOT/usr/lib/python3.15/site-packages/jwt/api_jws.py:240: in decode_complete
    payload, signing_input, header, signature = self._load(jwt)
                                                ^^^^^^^^^^^^^^^
../BUILDROOT/usr/lib/python3.15/site-packages/jwt/api_jws.py:321: in _load
    payload = base64url_decode(payload_segment)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
../BUILDROOT/usr/lib/python3.15/site-packages/jwt/utils.py:33: in base64url_decode
    return base64.urlsafe_b64decode(input_bytes)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

s = b'q1bKSM3JyVeyUlAqzy/KSVGqBQA='

    def urlsafe_b64decode(s):
        """Decode bytes using the URL- and filesystem-safe Base64 alphabet.
    
        Argument s is a bytes-like object or ASCII string to decode.  The result
        is returned as a bytes object.  A binascii.Error is raised if the input
        is incorrectly padded.  Characters that are not in the URL-safe base-64
        alphabet, and are not a plus '+' or slash '/', are discarded prior to the
        padding check.
    
        The alphabet uses '-' instead of '+' and '_' instead of '/'.
        """
        s = _bytes_from_decode_data(s)
        badchar = None
        for b in b'+/':
            if b in s:
                badchar = b
                break
        s = s.translate(_urlsafe_decode_translation)
        result = binascii.a2b_base64(s, strict_mode=False)
        if badchar is not None:
            import warnings
>           warnings.warn(f'invalid character {chr(badchar)!a} in URL-safe Base64 data '
                          f'will be discarded in future Python versions',
                          FutureWarning, stacklevel=2)
E           FutureWarning: invalid character '/' in URL-safe Base64 data will be discarded in future Python versions

https://docs.python.org/3.15/whatsnew/3.15.html

For the build logs, see:
https://copr-be.cloud.fedoraproject.org/results/@python/python3.15/fedora-rawhide-x86_64/10248044-python-jwt/

For all our attempts to build python-jwt with Python 3.15, see:
https://copr.fedorainfracloud.org/coprs/g/python/python3.15/package/python-jwt/

Testing and mass rebuild of packages is happening in copr.
You can follow these instructions to test locally in mock if your package builds with Python 3.15:
https://copr.fedorainfracloud.org/coprs/g/python/python3.15/

Let us know here if you have any questions.

Python 3.15 is planned to be included in Fedora 45.
To make that update smoother, we're building Fedora packages with all pre-releases of Python 3.15.
A build failure prevents us from testing all dependent packages (transitive [Build]Requires),
so if this package is required a lot, it's important for us to get it fixed soon.

We'd appreciate help from the people who know this package best,
but if you don't want to work on this now, let us know so we can try to work around it on our side.