PyJWT api incompatible with cryptography #706

Closed
alex-hsp opened this issue Oct 28, 2021 · 2 comments

@alex-hsp

Using ES256, I am trying to generate a JWT token with the following code:

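    import datetime as dt

    import jwt

    # key_id, client_id, team_id and private_key_file are defined elsewhere (not shown).
    audience = 'https://appleid.apple.com'
    alg = 'ES256'

    # Define issue timestamp (timezone-aware, so .timestamp() is true UTC epoch time).
    issued_at_timestamp = int(dt.datetime.now(dt.timezone.utc).timestamp())
    # Define expiration timestamp. May not exceed 180 days from issue timestamp.
    expiration_timestamp = issued_at_timestamp + 86400 * 180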

    # Define JWT headers.
    headers = dict()
    headers['alg'] = alg
    headers['kid'] = key_id

    # Define JWT payload.
    payload = dict()
    payload['sub'] = client_id
    payload['aud'] = audience
    payload['iat'] = issued_at_timestamp
    payload['exp'] = expiration_timestamp
    payload['iss'] = team_id

    with open(private_key_file, 'r') as key_file:
        key = ''.join(key_file.readlines())

    client_secret = jwt.encode(
        payload=payload,
        headers=headers,
        algorithm=alg,
        key=key
    )

The private key file is a .pem with -----BEGIN RSA PRIVATE KEY----- inside.

Expected Result

Expected to generate a token. The same code worked 6 months ago.

Actual Result

  File "/Users/Alexander_Gorokhov/PycharmProjects/hs-databricks/tasks.py", line 128, in generate_asa_client_secret
    client_secret = jwt.encode(
  File "/Users/Alexander_Gorokhov/.local/share/virtualenvs/hs-databricks-35vk8C_U/lib/python3.9/site-packages/jwt/api_jwt.py", line 63, in encode
    return api_jws.encode(json_payload, key, algorithm, headers, json_encoder)
  File "/Users/Alexander_Gorokhov/.local/share/virtualenvs/hs-databricks-35vk8C_U/lib/python3.9/site-packages/jwt/api_jws.py", line 114, in encode
    signature = alg_obj.sign(signing_input, key)
  File "/Users/Alexander_Gorokhov/.local/share/virtualenvs/hs-databricks-35vk8C_U/lib/python3.9/site-packages/jwt/algorithms.py", line 423, in sign
    der_sig = key.sign(msg, ec.ECDSA(self.hash_alg()))
TypeError: sign() missing 1 required positional argument: 'algorithm'

key is cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
sign_obj is jwt.algorithms.ECAlgorithm

key.sign requires padding and algorithm parameters.

Reproduction Steps

System Information

$ python -m jwt.help
{
  "cryptography": {
    "version": "3.4.8"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.9.5"
  },
  "platform": {
    "release": "20.6.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "2.3.0"
  }
}

Same story on an Ubuntu 20 VM.

Am I missing something?

@auvipy
Collaborator

auvipy commented Oct 29, 2021

Contributions are welcome.

@jpadilla
Owner

@alex-hsp can you please provide steps to fully reproduce this? How was the key fully generated, etc.?
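
The header quoted in the report, -----BEGIN RSA PRIVATE KEY-----, is the PKCS#1 label for an RSA key, while ES256 signs with an EC key, which matches the RSA key object reaching the EC signing path in the traceback. An added example, not part of the thread and not PyJWT code: a standard-library check that classifies a PEM private key by its label (or, for PKCS#8 files, by its algorithm OID) and rejects it when its type does not fit the JWT algorithm, before jwt.encode is called. The function names and SAMPLE_RSA_PEM (a placeholder body, not a real key) are constructed for illustration.

```python
import base64
import re

# DER encodings of the key-algorithm OIDs found in PKCS#8 ("PRIVATE KEY") files
OID_FAMILY = {
    bytes.fromhex("06092a864886f70d010101"): "RSA",  # rsaEncryption
    bytes.fromhex("06072a8648ce3d0201"): "EC",       # id-ecPublicKey
}
ALG_FAMILY = {"RS": "RSA", "PS": "RSA", "ES": "EC"}  # JWT alg prefix -> key type
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

# Constructed sample: placeholder body under the header quoted in the issue
SAMPLE_RSA_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"


def read_tlv(buf, pos):
    """Return (value, next_pos) for the DER element that starts at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[pos:pos + length], pos + length


def pem_key_family(pem):
    """Classify an unencrypted private-key PEM as 'RSA' or 'EC'."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    label = m.group(1)
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):  # PKCS#1 / SEC1 files
        return label.split()[0]
    if label != "PRIVATE KEY":
        raise ValueError(f"cannot classify PEM label {label!r}")
    info, _ = read_tlv(base64.b64decode(m.group(2)), 0)  # PrivateKeyInfo
    _, pos = read_tlv(info, 0)                           # version INTEGER
    alg_id, _ = read_tlv(info, pos)                      # AlgorithmIdentifier
    oid = alg_id[:2 + alg_id[1]]                         # its first element
    if oid not in OID_FAMILY:
        raise ValueError("unrecognised key algorithm OID")
    return OID_FAMILY[oid]


def check_key_for_alg(pem, alg):
    """Return the key family, or raise ValueError if it cannot sign `alg`."""
    wanted, found = ALG_FAMILY.get(alg[:2]), pem_key_family(pem)
    if found != wanted:
        raise ValueError(f"{alg} expects {wanted} key, PEM holds {found} key")
    return found
```

Calling check_key_for_alg(pem_text, 'ES256') on the key file before signing turns the TypeError raised deep inside the signing call into an explicit key-type error.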
