From d3a9474accc47f2b180e5e8271955ef7f7b455af Mon Sep 17 00:00:00 2001
From: Zachary Trabookis
Date: Thu, 21 Oct 2021 18:39:44 -0400
Subject: [PATCH 1/2] Fix issue when decoding the Current Customer JWT Payload

The token created from this endpoint uses algorithm "HS512". Added this algorithm to the array. https://developer.bigcommerce.com/api-docs/storefront/current-customer-api Also noticed that when using `verify_payload` it gave an error since there were three values returned. Put a `__` to handle the last value returned.
---
 bigcommerce/connection.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bigcommerce/connection.py b/bigcommerce/connection.py
index 3012a3e..473c9f6 100644
--- a/bigcommerce/connection.py
+++ b/bigcommerce/connection.py
@@ -222,7 +222,7 @@ def verify_payload(signed_payload, client_secret):
 Uses constant-time str comparison to prevent vulnerability to timing attacks.
 """
- encoded_json, encoded_hmac = signed_payload.split('.')
+ encoded_json, encoded_hmac, __ = signed_payload.split('.')
 dc_json = base64.b64decode(encoded_json)
 signature = base64.b64decode(encoded_hmac)
 expected_sig = hmac.new(client_secret.encode(), base64.b64decode(encoded_json), hashlib.sha256).hexdigest()
@@ -237,7 +237,7 @@ def verify_payload_jwt(signed_payload, client_secret, client_id):
 """
 return jwt.decode(signed_payload, client_secret,
- algorithms=["HS256"],
+ algorithms=["HS256", "HS512"],
 audience=client_id,
 options={
 'verify_iss': False
From 73c977c4cb76dff37e44e30bc131448f296a798a Mon Sep 17 00:00:00 2001
From: Zachary Trabookis
Date: Wed, 27 Oct 2021 16:36:47 -0400
Subject: [PATCH 2/2] Fixing issue with failed unit test `TestOAuthConnection.test_verify_payload`. This `, __` variable doesn't need to be there.
---
 bigcommerce/connection.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bigcommerce/connection.py b/bigcommerce/connection.py
index 473c9f6..7de7916 100644
--- a/bigcommerce/connection.py
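Review bot: The three-way unpack `encoded_json, encoded_hmac, __ = signed_payload.split('.')` cannot make verify_payload accept a JWT, because the rest of the body still computes `hmac.new(client_secret.encode(), base64.b64decode(encoded_json), hashlib.sha256)` over the base64-decoded first segment, which is not how a JWT signature is formed, while every ordinary two-segment signed_payload now fails the unpack with a ValueError. The second patch in this series drops the line again, but the reason is worth recording in the code rather than only in the test failure: JWT-form tokens belong in verify_payload_jwt and verify_payload should keep its two-segment contract. The docstring opening and the digest comparison and return at the end of verify_payload lie outside the hunk.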
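Review bot: The widened allowlist on the `algorithms=["HS256", "HS512"],` line is undocumented: nothing in verify_payload_jwt says why two algorithms are accepted, or that this list is what jwt.decode checks the token header's alg against. A docstring sentence such as `Accepts HS256 (the existing app-callback JWT, presumably) and HS512 (the Current Customer API token); both are HMAC keyed with client_secret, so keep this list to HS* algorithms only.` would carry the reasoning from the commit message into the code. Since `'verify_iss': False` on the context line disables the issuer check, audience=client_id is the only claim binding the token to this app, which is pre-existing but deserves a line in the same docstring. The function's docstring starts before the hunk and the closing of the jwt.decode call lies after it.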
+++ b/bigcommerce/connection.py
@@ -222,7 +222,7 @@ def verify_payload(signed_payload, client_secret):
 Uses constant-time str comparison to prevent vulnerability to timing attacks.
 """
- encoded_json, encoded_hmac, __ = signed_payload.split('.')
+ encoded_json, encoded_hmac = signed_payload.split('.')
 dc_json = base64.b64decode(encoded_json)
 signature = base64.b64decode(encoded_hmac)
 expected_sig = hmac.new(client_secret.encode(), base64.b64decode(encoded_json), hashlib.sha256).hexdigest()
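Review bot: The restored line `encoded_json, encoded_hmac = signed_payload.split('.')` still turns any payload without exactly one dot, including the three-segment Current Customer JWT that prompted the first patch, into an uncaught ValueError from tuple unpacking rather than a failure that names the cause, and nothing in the visible docstring tells callers that JWTs go through verify_payload_jwt instead. Consider `parts = signed_payload.split('.')` / `if len(parts) != 2: raise ValueError('signed_payload must have exactly two dot-separated segments')` / `encoded_json, encoded_hmac = parts`, plus a docstring sentence such as `Verifies the two-segment HMAC signed_payload; JWT-form tokens (three segments, e.g. the Current Customer token) must use verify_payload_jwt.`. As a style point, the context line decodes encoded_json a second time inside hmac.new although dc_json already holds those bytes. The docstring opening and the comparison/return at the end of verify_payload lie outside the hunk.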