Open moham opened 5 years ago
That's odd. This middleware isn't doing anything too crazy with the keys or algorithm values, so I'm having trouble isolating this issue to a bug in the JWTAuthBackend implementation.
Can you try some things for me?
1) First, can you generate an RS256 key pair or cert and provide it here or make it available to me somehow (md5sums of any files would be great, too)?
2) Use those credentials to jwt.encode() and then jwt.decode() a token without using JWTAuthBackend. This is just to test that jwt and your credentials are functional and prove that the issue is in JWTAuthBackend code.
If the encode/decode test passes, but you still get the failure behavior with JWTAuthBackend, I should be able to dig in a bit and hopefully resolve this.
I stumbled on this thread, but I'm not sure how relevant it is yet: https://github.com/jpadilla/pyjwt/issues/236
With PyJWT==1.7.1 everything is ok:
import jwt
with open('private.pem') as pv: p = pv.read()
with open('public.pem') as pb: b = pb.read()
en = jwt.encode({'m':'n'}, p, algorithm='RS256')
jwt.decode(en, b, algorithms=['RS256'])  # decode() takes the allow-list keyword 'algorithms' (a list); 'algorithm' is silently ignored
{'m': 'n'}
Solved!
falcon-auth 1.1.0, Installed from pip
I think falcon_auth/backends.py line 244 must be:
return jwt.encode(payload, self.secret_key, algorithm=self.algorithm,
Instead of:
return jwt.encode(payload, self.secret_key,
Please update falcon-auth in the pip repository.
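To make that root cause concrete, here is an added example (standard library only; it is not falcon-auth's or PyJWT's code) that models get_auth_token without the algorithm keyword next to a verifier that enforces a PyJWT-style algorithms allow-list: the issued token carries alg HS256 and is HMAC-signed with the raw PEM text, so an RS256-only verifier rejects it with the same message as the 401 in this issue. FAKE_PRIVATE_PEM and every function name here are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    """HS256 signer: the path jwt.encode() takes when no algorithm= is passed."""
    header = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64url(json.dumps(payload).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(mac)}"

def peek_alg(token: str) -> str:
    """Unverified header alg; a verifier checks it against its allow-list first."""
    return json.loads(_unb64url(token.split(".")[0]))["alg"]

def verify_hs256(token: str, key: bytes, allowed: list) -> dict:
    """Verifier with a PyJWT-style algorithms allow-list (HS256 only, for brevity)."""
    if peek_alg(token) not in allowed:
        raise ValueError("The specified alg value is not allowed")
    header, body, sig = token.split(".")
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64url(sig)):
        raise ValueError("Signature verification failed")
    return json.loads(_unb64url(body))

def buggy_get_auth_token(payload: dict, secret_key: bytes, algorithm: str) -> str:
    """Models falcon-auth 1.1.0 get_auth_token: algorithm is accepted but never used."""
    # Bug: algorithm= is not forwarded, so the default HS256 path runs with the raw
    # PEM text as the HMAC key, whatever the backend was configured with.
    return sign_hs256(payload, secret_key)

# Constructed placeholder standing in for private.pem (not a usable key).
FAKE_PRIVATE_PEM = b"-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n"

def reproduce() -> tuple:
    """Returns (alg in the issued token's header, outcome at an RS256-only verifier)."""
    token = buggy_get_auth_token({"uid": "123"}, FAKE_PRIVATE_PEM, algorithm="RS256")
    try:
        verify_hs256(token, FAKE_PRIVATE_PEM, allowed=["RS256"])
        return peek_alg(token), "accepted"
    except ValueError as exc:
        return peek_alg(token), str(exc)
```

The allow-list check is the safeguard that surfaced this bug: a verifier that trusted the token's own alg field would have accepted an HMAC token keyed with the public PEM text, which is why both signer and verifier should pin the algorithm explicitly.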
Hi,
In Auth backend:
jwt_auth = JWTAuthBackend(lambda token: None, private_key, algorithm='RS256')
token = jwt_auth.get_auth_token({"uid": "123"})
In Application backend:
auth_middleware = FalconAuthMiddleware(JWTAuthBackend(User.user_loader, public_key, algorithm='RS256'))
app = falcon.API(middleware=[auth_middleware])
Error in Application backend:
{ "title": "401 Unauthorized", "description": "The specified alg value is not allowed" }