Rasax API JWT Authorization: InvalidAlgorithmError

I’m trying to update a tracker with the rasax api but have gotten the InvalidAlgorithmError below:

rasa-production_1  | [2020-07-30 19:57:35 +0000] [1] [ERROR] Exception occurred while handling uri: 'http://url/conversations/CONVERSATION_ID/tracker/events'
rasa-production_1  | Traceback (most recent call last):
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/sanic/app.py", line 976, in handle_request
rasa-production_1  |     response = await response
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/rasa/server.py", line 160, in decorated
rasa-production_1  |     request
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/sanic_jwt/authentication.py", line 514, in is_authenticated
rasa-production_1  |     is_valid, *_ = self._verify(request)
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/sanic_jwt/authentication.py", line 371, in _verify
rasa-production_1  |     payload = self._decode(token, verify=verify)
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/sanic_jwt/authentication.py", line 184, in _decode
rasa-production_1  |     **kwargs,
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/jwt/api_jwt.py", line 92, in decode
rasa-production_1  |     jwt, key=key, algorithms=algorithms, options=options, **kwargs
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/jwt/api_jws.py", line 156, in decode
rasa-production_1  |     key, algorithms)
rasa-production_1  |   File "/opt/venv/lib/python3.7/site-packages/jwt/api_jws.py", line 216, in _verify_signature
rasa-production_1  |     raise InvalidAlgorithmError('The specified alg value is not allowed')
rasa-production_1  | jwt.exceptions.InvalidAlgorithmError: The specified alg value is not allowed

Here’s the code that generates the error:

response = requests.post("{}/tracker/events".format(sender_id),
json={"event": "slot", "name": "my_slot", "value": False, "timestamp":int(time.time())},
headers={"Authorization": "Bearer " + auth_token})

This same format for hitting the API endpoints works for other endpoints but not this one for some reason. Any idea how I can get around this?

hi @basil-chatha, which other endpoints did the same authorization header work with?

Any updates on this thread?