Closed james-mchugh closed 8 months ago
If you think this request is a worthy change, I would be up for submitting a PR
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
This is still relevant
I would like to see the draft implemetation
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
The exception being raised includes the explicit text 'Unable to find a signing key that matches: "{kid}"'
. As it happens in many Python modules, it is sometimes the exception description which is used to disambiguate the underlaying cause of error.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Thank you for this project. It has been very helpful for our team integrating authentication into our existing API.
When a
kid
is passed to thePyJWKClient.get_signing_key
method that is not in the JWK set (or is set toNone
, in the case that it came fromPyJWKClient.get_signing_key_from_jwt
and the JWT did not include a KID), aPyJWKClientError
is raised. This is the same error raised if an issue is detected during client initialization or failed requests to thejkws_uri
, but it will likely want to be handled differently by developers. When building an API, client initialization errors or failed requests to thejwks_uri
should likely result in 500 responses or immediate failures when starting the server, whereas an error due to the JWT not having a valid KID would likely be related to token validation and should therefore result in a 401 response.