guillp / jwskate Goto Github PK

• jwskate version: all
• Python version: all
• Operating System: all

Description

x=BinaPy.from_int(x, coord_size).to("b64u").ascii(),
E TypeError: BinaPy.from_int() takes 2 positional arguments but 3 were given

Solution freeze binapy==7

• jwskate version: 0.5.0
• Python version: 3.7.9
• Operating System: Fedora 31

Description

I wanted to create HS512 key.
Generated key was shorter than expected.

(for required length see) https://www.rfc-editor.org/rfc/rfc7518#section-3.2

What I Did

from jwskate import Jwk, Jwt
print(Jwk.generate_for_alg(alg="HS512"))
{'kty': 'oct', 'k': 'OaFBpH2kogyNz-LvmfYYBw', 'alg': 'HS512'}

I created a PR with a fix #6

• jwskate version: 0.8.0
• Python version: 3.7
• Operating System: Amazon Linux 2 (Lambda function)

Description

I installed the library as a layer and attached it to my lambda function in AWS.
Basically by:

mkdir lambda_layers
cd lambda_layers
mkdir python
cd python
pip install jwskate -t ./
cd ..
zip-r python_modules.zip .

Some stuff is working, but some things are very weird, e.g. executing

from jwskate import Jwk

private_jwk = (
    Jwk.generate(alg="ES256")  # select the signature or encryption alg here
    .with_kid_thumbprint()  # optionally, include a RFC7638 compliant thumbprint as kid
    .with_usage_parameters()  # optionally, include 'use' and 'key_ops'
)

results in:

{
  "errorMessage": "",
  "errorType": "NotImplementedError",
  "stackTrace": [
    "  File \"/var/task/lambda_function.py\", line 11, in lambda_handler\n    Jwk.generate(alg=\"ES256\")  # select the signature or encryption alg here\n",
    "  File \"/opt/python/jwskate/jwk/base.py\", line 1044, in generate\n    raise NotImplementedError\n"
  ]
}

Furthermore I get "type object 'Jwk' has no attribute 'from_pem'" for

private_jwk_from_file = (
        Jwk.from_pem(key, password="Th1s_P@ssW0rD_iS_5o_5tr0nG!")
        .with_usage_parameters(alg="ES256")  # adds back the alg, use and key_ops parameters
        .with_kid_thumbprint()  # adds back the thumbprint as kid
    )

Is there something I did wrong?

This is a great library, just wondering if you could add an example showing how to decode a JWT token.

Here's what I worked out:

from jwskate import Jwt, JwkSet
jwkset = JwkSet(requests.get('https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json').json())

def bottleGetAgent() -> URIRef:
    pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
    jwt = Jwt(pomAssertion)
    jwt.validate(jwkset['keys'][0],
                 algs=['ES256'], 
                 issuer='authenticate.bigasterisk.com', 
                 audience='bigasterisk.com')
    log.debug('claims=%r', jwt.claims)
    ...

This seems to work, but obviously I don't want the [0] in there. jwkset.verify seems relevant, but it doesn't take any of the values I want to pass in.

FYI , I'm expecting something like jwt.validate(jwkset.find_key_for(jwt), ...) or jwkset.verify(jwt, algs, issuer, audience).

If someone does write this doc, we should ask https://www.pomerium.com/docs/capabilities/getting-users-identity to link to it.