authlib / joserfc

Implementations of JOSE RFCs in Python
https://jose.authlib.org
BSD 3-Clause "New" or "Revised" License

ValueError: This key may not be safe to import when decoding RS256 encoded JWT #17

Closed. nextmat closed this issue 9 months ago

nextmat commented 10 months ago

When I use JWT decoding with an RS256 encoded pub key:

jwt.decode(token, pub_key)

I get *** ValueError: This key may not be safe to import. This seems to originate in import_from_bytes which checks the key prefix against this constant.

Since -----BEGIN is in this list, it seems like no PEM-formatted keys would work with joserfc?

This key works fine with PyJWT and I'm a bit confused by what the problem is. What is the risk here?

Thanks!

lepture commented 9 months ago

@nextmat you need to specify the key with:

from joserfc import jwt
from joserfc.jwk import RSAKey

# Import the PEM explicitly as an RSA key instead of passing the raw bytes to decode().
key = RSAKey.import_key(pub_key_bytes)
jwt.decode(token, key)

nextmat commented 9 months ago

This solved my problem, thank you!
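The opening post asks what the risk is, and the thread never spells it out. The check it hits refuses bytes that look like PEM or OpenSSH key material when they are about to be used as a symmetric (oct) secret; that is the classic algorithm-confusion defence. The following is an added example, not joserfc's code or anything from the thread: it builds a minimal HS256 signer and verifier on the standard library, reconstructs the guard, and shows that a verifier without the guard accepts a token an attacker forged using nothing but the public key. The prefix list `UNSAFE_SECRET_PREFIXES`, the placeholder `PUBLIC_KEY_PEM`, and every function name here are assumptions of this example, not the library's own identifiers.

```python
"""Why a JWT library refuses PEM-looking bytes as a symmetric secret.

Added example, not joserfc's code. Standard library only: a minimal HS256
signer/verifier and a guard modelled on the check the issue describes.
PUBLIC_KEY_PEM is a constructed placeholder, not a real key.
"""
import base64
import hashlib
import hmac
import json

# Prefixes that mark asymmetric key material (PEM and OpenSSH encodings).
# Assumed list for this example; the real library keeps its own constant.
UNSAFE_SECRET_PREFIXES = (
    b"-----BEGIN",
    b"---- BEGIN",
    b"ssh-rsa",
    b"ssh-ed25519",
    b"ecdsa-sha2-",
)

# Constructed placeholder standing in for an RSA public key in PEM form.
# It is public by definition, so an attacker is assumed to know it.
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexamplePlaceholderOnly\n"
    b"-----END PUBLIC KEY-----\n"
)


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def hs256_sign(claims: dict, secret: bytes) -> str:
    """Mint a compact JWS with alg=HS256 over the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    tag = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(tag)}"


def hs256_verify(token: str, secret: bytes) -> bool:
    """Recompute the HMAC tag and compare it in constant time."""
    header, payload, tag = token.split(".")
    signing_input = f"{header}.{payload}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(b64url(expected), tag)


def import_oct_key(value: bytes) -> bytes:
    """Guard modelled on the issue's check: refuse bytes that look like
    asymmetric key material before they can act as an HMAC secret."""
    if value.lstrip().startswith(UNSAFE_SECRET_PREFIXES):
        raise ValueError("This key may not be safe to import")
    return value


def is_rejected_as_secret(value: bytes) -> bool:
    """True when the guard refuses `value` as a symmetric secret."""
    try:
        import_oct_key(value)
    except ValueError:
        return True
    return False


def forge_with_public_key(claims: dict) -> str:
    """Attacker side: the RS256 public key is public, so use its PEM bytes
    as the HS256 secret and hope the verifier trusts the header's alg."""
    return hs256_sign(claims, PUBLIC_KEY_PEM)


def verify_trusting_any_bytes(token: str, key_bytes: bytes) -> bool:
    """Unsafe verifier: whatever bytes it is handed become the HMAC secret."""
    return hs256_verify(token, key_bytes)


def verify_with_guard(token: str, key_bytes: bytes) -> bool:
    """Safe verifier: the guard rejects the PEM before any HMAC is computed."""
    return hs256_verify(token, import_oct_key(key_bytes))


if __name__ == "__main__":
    forged = forge_with_public_key({"sub": "alice", "admin": True})
    print("naive verifier accepts forged token:", verify_trusting_any_bytes(forged, PUBLIC_KEY_PEM))
    try:
        verify_with_guard(forged, PUBLIC_KEY_PEM)
    except ValueError as exc:
        print("guarded verifier:", exc)
```

In the thread's terms, the first post handed decode() the PEM as a plain string, so it was headed down the symmetric-key path and the guard fired; importing it as an RSAKey, as the maintainer suggests, routes it to RSA verification instead. Pinning the list of accepted algorithms on the verifying side is the complementary control, since a prefix guard only catches secrets that visibly look like public keys.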