Open jmarshall9120 opened 1 month ago
Here's the setup for decoding a token from an AWS sandbox. There are no real resources to abuse here. I can tear down the sandbox once the issue is replicated.
import jwt
from jwt import PyJWKClient

# aws_session and amplify_outputs are defined elsewhere in the reporter's environment
pub_key_endpoint = f'https://cognito-idp.{aws_session.region_name}.amazonaws.com/{amplify_outputs["auth"]["user_pool_id"]}/.well-known/jwks.json'
actual_auth = 'eyJraWQiOiJIVWliRnBkUjM2MW92QUxRVFdVeGx3V0pOUmc1SEVRQkxsUjEzTWIyejI0PSIsImFsZyI6IlJTMjU2In0.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.J_iS209k6Nsqmwf2XlK1kOeRCKjY-y6U28MicQTD8LFb3v-sC6sttYVya5kBb_qj3hnIDuXFvH3POlduBJhxiiXE7A3eAA9_09eYqmyna3tuNl_1W5pz_wlR9uhtOdhk0hAQWiaTaDViDjiEO6TPenEat0dz-yQWMp2Fda64yUOHFFiRZj5UsfO6_fUbOFlVzsmgwLhRPb5smIHkB4yFtcs4A1QI_fGyS9cEFTusKyt-JBmmdkfN83i8tiLfZV_IYUj0J5z-_vMSVOTg5yDMjcVCEswX1ZFUkm_FB2aLkAxPJxgzdDVAFSdg1UcITJjcfjFjPwi79quJEoEuYUahIQ'

jwks_client = PyJWKClient(pub_key_endpoint)
signing_key = jwks_client.get_signing_key_from_jwt(actual_auth)  # returns a PyJWK object
payload = jwt.decode(actual_auth, signing_key, algorithms=['RS256'])
Expected Result
returns decoded token.
Actual Result
TypeError: Expecting a PEM-formatted key.
Reproduction Steps
Entire reproduction given above.
System Information
$ python -m jwt.help
{
  "cryptography": { "version": "42.0.7" },
  "implementation": { "name": "CPython", "version": "3.9.7" },
  "platform": { "release": "10", "system": "Windows" },
  "pyjwt": { "version": "2.8.0" }
}
This command is only available on PyJWT v1.6.3 and greater. Otherwise, please provide some basic information about your system.
You would need to pass in the value from the key attribute on the signing_key
payload = jwt.decode(actual_auth, signing_key.key, algorithms=['RS256'])
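The fix from the reply above as an offline, runnable sketch (an added example, not code from the issue or from the PyJWT project): a constructed key pair and JWKS stand in for the Cognito endpoint, the key is looked up by `kid` with `PyJWKSet`, and the resolved key's `.key` attribute is what goes to `jwt.decode`. `KID`, `ISSUER`, `PRIVATE_KEY`, `make_token` and `decode_with_jwks` are hypothetical names, and the issuer check goes one step beyond what the thread shows.

```python
import json

import jwt
from cryptography.hazmat.primitives.asymmetric import rsa
from jwt.algorithms import RSAAlgorithm

# Constructed stand-ins for the user pool: a throwaway RSA key pair and the
# JWKS document that a jwks.json endpoint would serve for it.
KID = "constructed-demo-kid"
ISSUER = "https://idp.example.invalid/constructed-pool"
PRIVATE_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
_jwk = json.loads(RSAAlgorithm.to_jwk(PRIVATE_KEY.public_key()))
_jwk.update({"kid": KID, "alg": "RS256", "use": "sig"})
JWKS = {"keys": [_jwk]}


def make_token(claims, kid=KID, key=PRIVATE_KEY):
    """Sign a constructed token the way the identity provider would."""
    return jwt.encode(claims, key, algorithm="RS256", headers={"kid": kid})


def decode_with_jwks(token, jwks, issuer):
    """Resolve the signing key by `kid`, then verify with its `.key` attribute."""
    # The header is read unverified only to pick a key from the trusted JWKS;
    # the accepted algorithm is pinned below, never taken from the token.
    kid = jwt.get_unverified_header(token).get("kid")
    for jwk in jwt.PyJWKSet.from_dict(jwks).keys:
        if jwk.key_id == kid:
            # jwk is a PyJWK wrapper; jwk.key is the underlying public key object
            return jwt.decode(token, jwk.key, algorithms=["RS256"], issuer=issuer)
    raise jwt.exceptions.PyJWKClientError(f"no key with kid {kid!r} in JWKS")


if __name__ == "__main__":
    token = make_token({"sub": "user-1", "iss": ISSUER})
    print(decode_with_jwks(token, JWKS, ISSUER))
```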