search

flavors / django-graphql-jwt

JSON Web Token (JWT) authentication for Graphene Django
https://django-graphql-jwt.domake.io
MIT License
820 stars 171 forks source link

Pyjwt 2.0.0 compatibility issue #242

Closed drippypale closed 3 years ago

drippypale commented 3 years ago

graphql.error.located_error.GraphQLLocatedError: module 'jwt' has no attribute 'ExpiredSignature'

ExpiredSignature is deprecated and ExpiredSignatureError should be used instead in the newer Pyjwt versions.

fgallese commented 3 years ago

Just chiming in to say that I'm facing the exact same situation.

Edit: Just to add, another compatibility issue I found, since this change, jwt.decode does not allow the verify argument, so I get this error:

TypeError: decode() got multiple values for argument 'algorithms'

Which is triggered from a call to jwt.decode() from jwt_decode(token, context=None).

As far as I understand, the parameter verify should be removed.

laurent-brisbois commented 3 years ago

I've had issues with PyJWT 2.0.0 too. I had to downgrade to 1.7.1 where it was working. My error was :

in jwt_encode
    jwt_settings.JWT_ALGORITHM,
graphql.error.located_error.GraphQLLocatedError: 'str' object has no attribute 'decode'
drippypale commented 3 years ago

I did the same thing. I installed PyJWT v1.7.1 explicitly.

rganeyev commented 3 years ago

Added pull request #244 as hot-fix. Ideally, jwt usage should be rewritten to make it compatible with the latest PyJWT library.

BossGrand commented 3 years ago

I wonder if this repo is still active

datajango commented 3 years ago

this is a real problem

Django version 3.1.5, using settings 'app.settings' Starting development server at http://127.0.0.1:8000/ Quit the server with CTRL-BREAK. Traceback (most recent call last): File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\promise\promise.py", line 489, in _resolve_from_executor executor(resolve, reject) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\promise\promise.py", line 756, in executor return resolve(f(*args, kwargs)) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql\execution\middleware.py", line 75, in make_it_promise
return next(*args, kwargs) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql_jwt\decorators.py", line 140, in wrapper result = f(cls, root, info, kwargs) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql_jwt\decorators.py", line 129, in wrapper result = f(cls, root, info, *kwargs) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql_jwt\decorators.py", line 121, in wrapper result = f(cls, args, kwargs) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql_jwt\decorators.py", line 107, in wrapper return maybe_thenable((context, user, result), on_token_auth_resolve) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphene\utils\thenables.py", line 42, in maybe_thenable return on_resolve(obj) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql_jwt\decorators.py", line 70, in on_token_auth_resolve
payload.token = jwt_settings.JWT_ENCODE_HANDLER(payload.payload, context) File "C:\Users\tony\Anaconda3\envs\server38\lib\site-packages\graphql_jwt\utils.py", line 37, in jwt_encode return jwt.encode( graphql.error.located_error.GraphQLLocatedError: 'str' object has no attribute 'decode'

[07/Jan/2021 23:58:23] "POST /graphql/ HTTP/1.1" 200 148

IbrahimAlgadi commented 3 years ago

I have modified the function then it worked

image

I hope this doesn't brake the other functional things, since no need to run decode('utf-8')

rganeyev commented 3 years ago

@IbrahimAlgadi, it will work for PyJWT >= 2, but not for earlier versions.

IbrahimAlgadi commented 3 years ago

@rganeyev

What about classic ( try -- except ) for the str error in the jwt_encode function.

Does it work

rganeyev commented 3 years ago

@IbrahimAlgadi well, it is bad architecture desicion. What may happen when pyJWT changes signature on their major update? I see here multiple solutions:

  1. [Easy] Restrict PyJWT version as 1.*. It is hot fix, and will work. #244 for that.
  2. [Right] Increase PyJWT version to 2.* and fix all jwt-related issues. That includes your change, and all possible jwt usages in the repo.
  3. [I did this] Abandon this repo as it is dead and no-one is going to maintain it.
laurent-brisbois commented 3 years ago

@IbrahimAlgadi well, it is bad architecture desicion. What may happen when pyJWT changes signature on their major update? I see here multiple solutions:

  1. [Easy] Restrict PyJWT version as 1.*. It is hot fix, and will work. #244 for that.
  2. [Right] Increase PyJWT version to 2.* and fix all jwt-related issues. That includes your change, and all possible jwt usages in the repo.
  3. [I did this] Abandon this repo as it is dead and no-one is going to maintain it.

Your 3rd choice is actually what I did too. I'm even switching to DRF right now. Graphene-Django seems to be dead too so... I think code owners are all on the new Strawberry project now..

But it doesn't seem to be mature enough for Django,...

Will it be soon ? Will it die like graphene-django did ?

I don't know and I don't wanna know. This was kinda good to use GraphQL and I'm a bit disappointed to lose its benefits but these libraries are not stable enough and I can't predict the future (yet) so I prefer switching to something more reliable, maintained, and widely used.

ibqn commented 3 years ago

@fgallese

If you are still interested, I got it working by removing verify=True option in jwt.decode method call

https://github.com/ibqn/django-graphql-jwt/commit/dd92319071092bb517187904f3ac0610e8443edf

mongkok commented 3 years ago

I apologize for the delay in my response #261. The new release requires Graphene v3 and supports PyJWT>=2:

pip install 'django-graphql-jwt>=0.3.2'