mozilla / mozilla-django-oidc

A django OpenID Connect library
https://mozilla-django-oidc.readthedocs.io
Mozilla Public License 2.0

Attribute Error '_RSAPrivateKey' object has no attribute 'verifier' on successful authentication #365

Open RafterGit opened 4 years ago

RafterGit commented 4 years ago

Hello,

I'm currently testing my local environment against an OIDC provider. Via Postman, I am able to confirm that all of these endpoints are correct, and I'm able to hit the USER_INFO endpoint with a bearer token created by the provider.

However, though I'm able to see in the logs that my service is using mozilla_django_oidc and successfully getting a response from the USER_INFO endpoint (JSON response with user profile info, etc.), my application stops on this error:

    Exception Type: AttributeError
    Exception Value: '_RSAPrivateKey' object has no attribute 'verifier'
    Exception Location: /usr/local/lib/python3.8/site-packages/josepy/util.py in __getattr__, line 93

I've configured the following in my settings.py:

    OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
    OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
    OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
    LOGIN_REDIRECT_URL = '/'
    LOGOUT_REDIRECT_URL = '/'
    OIDC_DRF_AUTH_BACKEND = 'mozilla_django_oidc.auth.OIDCAuthenticationBackend'
    OIDC_RP_SIGN_ALGO = 'RS256'
    OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
    # not needed by provider
    OIDC_RP_CLIENT_SECRET = ''
    OIDC_RP_IDP_SIGN_KEY = os.environ['PRIVATE_KEY']
    OIDC_OP_JWKS_ENDPOINT = os.environ['OIDC_OP_JWKS_ENDPOINT']

    MIDDLEWARE = (
        ...
        'mozilla_django_oidc.middleware.SessionRefresh',
    )
    REST_FRAMEWORK = {
        ...
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'mozilla_django_oidc.contrib.drf.OIDCAuthentication',
        )
    }
    AUTHENTICATION_BACKENDS = (
        'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
    )

and my requirements.txt:

    python_jwt==3.2.6
    mozilla-django-oidc==1.2.3
    djangorestframework==3.11.0
    Django==3.0.8
    django-configurations==2.2

Others who've come across similar issues have suggested I use my public cert in lieu of my private cert. Switching this setting OIDC_RP_IDP_SIGN_KEY to use my public cert results in the following error:

    Exception Type: AttributeError
    Exception Value: 'bytes' object has no attribute 'verifier'
    Exception Location: /usr/local/lib/python3.8/site-packages/josepy/jwa.py in verify, line 134
    Python Executable: /usr/local/bin/python

JulienFS commented 1 month ago

If you are using the OIDC_OP_JWKS_ENDPOINT endpoint, then you probably don't need OIDC_RP_IDP_SIGN_KEY. The endpoint is used to fetch the public key. And indeed, OIDC_RP_IDP_SIGN_KEY should contain your OIDC provider's public key. Be careful with the format of the key: it's sensitive and defaults to a byte-like key, which in turn fails: https://github.com/mozilla/mozilla-django-oidc/issues/505#issuecomment-2257988592
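The two tracebacks in the report and the advice in the reply boil down to three configuration mistakes: a private key deployed to the relying party, key material passed as bytes instead of a str, and a static key configured alongside a JWKS endpoint that would fetch the public key anyway. The following is an added example, not code from mozilla-django-oidc or from either commenter: a small settings check in the style of a Django system check that flags those mistakes before the first login attempt. It assumes the settings are available as a plain dict (standing in for `django.conf.settings`), recognises keys by their PEM headers only, and does no signature verification itself; the example URLs and the truncated key body are constructed, not real values.

```python
import re

# PEM headers we recognise: PKCS#8, legacy PKCS#1/SEC1, and X.509 certificates.
_PRIVATE = re.compile(r"-----BEGIN (?:ENCRYPTED |RSA |EC )?PRIVATE KEY-----")
_PUBLIC = re.compile(r"-----BEGIN (?:RSA )?PUBLIC KEY-----")
_CERT = re.compile(r"-----BEGIN CERTIFICATE-----")


def check_oidc_settings(settings):
    """Return a list of "ERROR: ..." / "WARNING: ..." strings for a dict of
    OIDC_* settings. A plain dict stands in for django.conf.settings so the
    check runs without Django installed; an empty list means nothing was found.
    """
    findings = []
    algo = settings.get("OIDC_RP_SIGN_ALGO", "HS256")  # library default is HS256
    key = settings.get("OIDC_RP_IDP_SIGN_KEY")
    jwks = settings.get("OIDC_OP_JWKS_ENDPOINT")
    secret = settings.get("OIDC_RP_CLIENT_SECRET")

    if algo.startswith("HS"):
        # HMAC algorithms verify with the shared client secret; no key file is used.
        if not secret:
            findings.append("ERROR: %s needs a non-empty OIDC_RP_CLIENT_SECRET" % algo)
        if key:
            findings.append("WARNING: OIDC_RP_IDP_SIGN_KEY is unused with %s" % algo)
        return findings

    # RS*/ES*: the relying party needs the provider's PUBLIC key, either
    # configured statically or discovered from the provider's JWKS endpoint.
    if key is None and not jwks:
        findings.append("ERROR: %s requires OIDC_RP_IDP_SIGN_KEY or OIDC_OP_JWKS_ENDPOINT" % algo)
        return findings
    if key is not None and jwks:
        findings.append("WARNING: both OIDC_RP_IDP_SIGN_KEY and OIDC_OP_JWKS_ENDPOINT are set; "
                        "only one is needed, and the JWKS endpoint follows provider key rotation")
    if key is None:
        return findings

    if isinstance(key, (bytes, bytearray)):
        # The thread's "'bytes' object has no attribute 'verifier'": the PEM must be a str.
        findings.append("ERROR: OIDC_RP_IDP_SIGN_KEY must be a str of PEM text, not bytes")
        key = key.decode("ascii", "replace")
    if _PRIVATE.search(key):
        # The thread's "'_RSAPrivateKey' object has no attribute 'verifier'": a
        # private key was deployed to the relying party. The RP only verifies
        # signatures, so the provider's signing key must never leave the provider.
        findings.append("ERROR: OIDC_RP_IDP_SIGN_KEY holds a PRIVATE key; use the provider's public key")
    elif _CERT.search(key):
        findings.append("WARNING: OIDC_RP_IDP_SIGN_KEY is an X.509 certificate; "
                        "prefer the bare public key or OIDC_OP_JWKS_ENDPOINT")
    elif not _PUBLIC.search(key):
        findings.append("ERROR: OIDC_RP_IDP_SIGN_KEY is not PEM public-key text")
    return findings


# Constructed settings mirroring the issue report (key body truncated; not a real key).
ISSUE_SETTINGS = {
    "OIDC_RP_SIGN_ALGO": "RS256",
    "OIDC_RP_CLIENT_SECRET": "",
    "OIDC_RP_IDP_SIGN_KEY": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n",
    "OIDC_OP_JWKS_ENDPOINT": "https://op.example.invalid/.well-known/jwks.json",
}

# The configuration the reply recommends: RS256 with JWKS discovery and no static key.
FIXED_SETTINGS = {
    "OIDC_RP_SIGN_ALGO": "RS256",
    "OIDC_RP_CLIENT_SECRET": "",
    "OIDC_OP_JWKS_ENDPOINT": "https://op.example.invalid/.well-known/jwks.json",
}

if __name__ == "__main__":
    for name, cfg in (("issue", ISSUE_SETTINGS), ("fixed", FIXED_SETTINGS)):
        print(name, check_oidc_settings(cfg) or ["OK"])
```

Run against the reporter's settings the check reports the redundant JWKS-plus-static-key combination and the private key; against the reply's recommended layout it reports nothing. Wiring it into a real project would mean reading `django.conf.settings` and raising `django.core.checks.Error` objects instead of strings, which is left out here to keep the example dependency-free.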