lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License

rfc7519 JsonWebEncryption is initialized with an incorrect list of algorithms. #624

Open danilovmy opened 5 months ago

danilovmy commented 5 months ago

Initialization of the JsonWebEncryption class happens with the wrong set of encryption algorithms.

```python
# jose/__init__.py
jwt = JsonWebToken(list(JsonWebSignature.ALGORITHMS_REGISTRY.keys()))

# jose/rfc7519/jwt.py
class JsonWebToken:
    def __init__(self, algorithms, private_headers=None):
        self._jws = JsonWebSignature(algorithms, private_headers=private_headers)
        self._jwe = JsonWebEncryption(algorithms, private_headers=private_headers)
```

In this case we initiate self._jwe (Web Encryption) with the algorithm list from JsonWebSignature.ALGORITHMS_REGISTRY, but it should be initiated from JsonWebEncryption.ALG_REGISTRY.

It is also not clear why in one class it is named ALGORITHMS_REGISTRY and in the other class ALG_REGISTRY.
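A simplified model of the wiring this issue describes, added here as an illustration; it is not authlib's code and not part of the issue. The class and attribute names mirror the issue, the registry contents are a constructed subset of RFC 7518 algorithm names, and the fail-fast allowlist check (`AllowlistError`, `_Base`, `build_as_reported`, `build_separately`, `check_wiring`) is a hypothetical way to surface such a mismatch at construction time.

```python
# Simplified model of the wiring described in the issue; NOT authlib's code.
# Registry contents are constructed samples using RFC 7518 algorithm names.

class AllowlistError(ValueError):
    """Raised when an allowlist names an algorithm the class has not registered."""


class _Base:
    REGISTRY_ATTR = None  # name of the class-level registry attribute

    def __init__(self, algorithms):
        registry = getattr(self, self.REGISTRY_ATTR)
        unknown = sorted(set(algorithms) - set(registry))
        if unknown:
            # Fail fast: these entries can never match anything in this class.
            raise AllowlistError(f"{type(self).__name__}: not registered: {unknown}")
        self.algorithms = list(algorithms)


class JsonWebSignature(_Base):
    REGISTRY_ATTR = "ALGORITHMS_REGISTRY"
    ALGORITHMS_REGISTRY = {"HS256": object(), "RS256": object(), "ES256": object()}


class JsonWebEncryption(_Base):
    REGISTRY_ATTR = "ALG_REGISTRY"
    ALG_REGISTRY = {"dir": object(), "RSA-OAEP": object(), "A256KW": object()}


def build_as_reported(algorithms):
    """Wiring from the issue: one list handed to both classes."""
    return JsonWebSignature(algorithms), JsonWebEncryption(algorithms)


def build_separately(jws_algorithms, jwe_algorithms):
    """Each class receives an allowlist drawn from its own registry."""
    return JsonWebSignature(jws_algorithms), JsonWebEncryption(jwe_algorithms)


def check_wiring():
    """Return (did the reported wiring validate?, JWE allowlist when built separately)."""
    jws_names = list(JsonWebSignature.ALGORITHMS_REGISTRY.keys())
    try:
        build_as_reported(jws_names)
        reported_ok = True
    except AllowlistError:
        reported_ok = False
    _, jwe = build_separately(jws_names, list(JsonWebEncryption.ALG_REGISTRY.keys()))
    return reported_ok, jwe.algorithms
```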