Closed juergen-kaiser-by closed 3 years ago
Can you give a full example? With runnable code to reproduce your problem? I can't reproduce it with your given key.
I've rechecked the code. It would never happen with your given key, because the given key already contains "e". I guess there must be something wrong with your provided data.
I have the same error
@walgula is it possible for you to provide a runnable test case?
{ "keys": [ { "kty": "RSA", "kid": "hash;)", "use": "sig", "n": "some very long hash;)", "e": "AQAB" } ] }
in 0.14.3 there is no error
@walgula Sorry, but that's just a key, not a complete runnable test case. Can you write a short section of python that will produce the error when somebody runs it?
Looks like I'm hitting the same issue. In my case it's running a Synapse server v1.21.0 (Matrix homeserver) with OIDC auth against a Lemonldap::NG issuer, with Py 3.6.8. Going back to authlib 0.14.3 makes everything working again. Unfortunately, I'm really unsure how to provide a simple, isolated test case. For reference, synapse's OIDC handler is https://github.com/matrix-org/synapse/blob/develop/synapse/handlers/oidc_handler.py
I may know the problem now. There is a refactor on Json Web Key Set.
cc @dani try to change load_jwks
with:
from authlib.jose import JsonWebKey
JsonWebKey.import_key_set({"keys": [....]})
Mmmmh, I'm afraid my very limited python-foo will ask for a bit more help ;-) At which point in the load_jwks function should I add the JsonWebKey.import_key_set call ?
@dani @juergen-kaiser-by can you try with the code in maintain-0.15
branch?
Updating authlib to the latest from maintain-0.15 branch fixes it for me. Synapse can auth against OIDC again ! :-)
Describe the bug
An input for authlib.jose.jwt.decode() causes an exception on python 3.8.3 while it works on python 3.6.8 .
I'm using:
The causing parameter is
key
. In my case, the (shortened) value is :However, if I set
mykey
to the key in the inner list:then authlib accepts the input for both, python 3.6.8 and 3.8.3.
Error Stacks
To Reproduce
(untested): get a valid key and put it in the structure as depicted in my example above.
Expected behavior
The same input gets accepted without errors for both python versions.
Environment: