Closed dianagudu closed 2 years ago
This should fix the issue that came up with the new egi dev instance.
It extends the jwt.PyJWKClient class to fix how the signing keys are retrieved from the jwks_uri:
jwt.PyJWKClient
jwks_uri
"use"=="enc"
pyjwt
"kid"
"alg"
"kty"
Does not fix:
jwt.PyJWKClient.get_jwk_set
References:
Wow you're fast!! I tested it, works fine for me!
This should fix the issue that came up with the new egi dev instance.
It extends the
jwt.PyJWKClient
class to fix how the signing keys are retrieved from thejwks_uri
:"use"=="enc"
) are ignored, sincepyjwt
does not support this"kid"
), the key is retrieved by id from thejwks_uri
"kid"
is optional, we can retrieve the signing key by the only mandatory fields:"alg"
in header, which can be used to infer the key type"kty"
(key_type) in JWK, to retrieve the first (should be the only one) key of this type from thejwks_uri
Does not fix:
jwt.PyJWKClient.get_jwk_set
fails ifjwks_uri
contains encryption keysReferences: