Closed alexazevedo closed 1 year ago
This is a security improvement. You are absolutely using `jwt.encode` wrong; when you `encode` a token, you should use a private key.
@alexazevedo your `jwt_dict` represents a public key. When you convert your JWK into a dict (`key.as_dict()`) you should specify the `is_private` parameter in order to tell which type of key you need: private or public. By default `as_dict()` returns the public key representation.
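Added example, not part of the thread and not the library's own code: a standard-library Python check that tells from the dict alone whether a JWK can sign, using the private member names from RFC 7518 and RFC 8037. The function names are hypothetical, `REPORTED_JWK` is the key dict posted in this issue, and the `d` value in the second dict is a constructed placeholder.

```python
# Added example (not the library's code): decide from a JWK dict alone whether
# it can sign. Private member names are from RFC 7518 section 6 and RFC 8037.
PRIVATE_MEMBERS = {
    "EC": {"d"},
    "OKP": {"d"},
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "oct": {"k"},  # symmetric: the secret itself, there is no public form
}

def _private_names(jwk):
    kty = jwk.get("kty")
    if kty not in PRIVATE_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    return PRIVATE_MEMBERS[kty]

def is_private_jwk(jwk):
    """True when the dict carries private (or symmetric secret) key material."""
    return any(name in jwk for name in _private_names(jwk))

def to_public_jwk(jwk):
    """Copy of the JWK with private members removed, safe to publish."""
    if jwk.get("kty") == "oct":
        raise ValueError("a symmetric key has no public representation")
    drop = _private_names(jwk)
    return {k: v for k, v in jwk.items() if k not in drop}

def require_signing_key(jwk):
    """Raise before signing if the dict is public-only or limited by key_ops."""
    if not is_private_jwk(jwk):
        raise ValueError("public JWK cannot sign; load the private key instead")
    ops = jwk.get("key_ops")  # optional RFC 7517 member
    if ops is not None and "sign" not in ops:
        raise ValueError(f"key_ops {ops!r} does not allow 'sign'")
    return jwk

# Key dict exactly as posted in the report: no "d" member, so it is public.
REPORTED_JWK = {
    "crv": "P-256", "kty": "EC",
    "x": "FWbfvNNM1J4vtAs-SDaz91AyAl-3O8kcYw0qXhdKoc",
    "y": "A7BYNAseyKKWWvepmQPs0AMiE8Oid3Idmrx18sPEQlY",
    "kid": "VEbGrIYk3dupNXMLu_GFB8l2YG5lUKrFybVcGXNaHek",
}
# Constructed private counterpart: "d" is a placeholder, not real key material.
CONSTRUCTED_PRIVATE_JWK = {**REPORTED_JWK, "d": "constructed-placeholder-not-a-key"}

if __name__ == "__main__":
    print("reported dict is private:", is_private_jwk(REPORTED_JWK))
    print("constructed dict is private:", is_private_jwk(CONSTRUCTED_PRIVATE_JWK))
```

Running the same check in the other direction, `to_public_jwk` before publishing a key set, keeps a private `d` from leaking into a JWKS endpoint.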
Describe the bug
After upgrading from 0.15 to 1.1.0, the `jwt.encode` method started to fail with the following error: `ValueError: Invalid key_op "sign" for public key`. I didn't modify the public key and didn't change anything in the code. Just upgraded from 0.15 to 1.1.0.
Error Stacks
To Reproduce
Some details and parameters' values
header: `{'alg': 'ES256'}`
payload: `{'exp': 1669392257, 'sub': 'user@one.com', 'member_id': 111}`
jwtdict:
```
{'crv': 'P-256', 'x': 'FWbfvNNM1J4vtAs-SDaz91AyAl-3O8kcYw0qXhdKoc', 'y': 'A7BYNAseyKKWWvepmQPs0AMiE8Oid3Idmrx18sPEQlY', 'kty': 'EC', 'kid': 'VEbGrIYk3dupNXMLu_GFB8l2YG5lUKrFybVcGXNaHek'}
```
Environment: