OIDC: Fix JWT decode key type #13148

Merged
merged 5 commits into from
Mar 7, 2023

woodruffw
Member

We've been passing in the `PyJWK` directly, when `pyjwt.decode(...)` doesn't support that -- it only supports PEM-encoded `str` or `bytes` objects, or a pre-constructed `cryptography` key type (like `_RSAPublicKey` from the OpenSSL backend).

The latter isn't included in the public type hints, but it's included in the library's official documentation.

xref jpadilla/pyjwt#864

Signed-off-by: William Woodruff <william@trailofbits.com>
Signed-off-by: William Woodruff <william@trailofbits.com>
@woodruffw woodruffw requested a review from a team as a code owner March 7, 2023 16:04

woodruffw commented Mar 7, 2023

This is a little annoying to test since it's entirely in third-party code, but I could add a backstop test for it (e.g. ensuring we only get an invalid signature, never a `TypeError`, when we pass a `cryptography` key type into `decode`). Thoughts @di?

Edit: Doing these tests now.

Signed-off-by: William Woodruff <william@trailofbits.com>
Signed-off-by: William Woodruff <william@trailofbits.com>
@di di merged commit c195b21 into pypi:main Mar 7, 2023
@woodruffw woodruffw deleted the tob-jwt-types branch March 7, 2023 17:18
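
Added example, not part of this pull request or of the project's code: a sketch of the backstop check discussed above, using PyJWT and `cryptography`. It assumes the `cryptography` key is taken from the `PyJWK`'s `key` attribute; the function names and the RSA keys generated in-process are constructed for illustration.

```python
import json

import jwt
from cryptography.hazmat.primitives.asymmetric import rsa
from jwt.algorithms import RSAAlgorithm


def make_keypair_and_jwk():
    """Constructed sample data: a fresh RSA private key and its public half as a PyJWK."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    jwk_dict = json.loads(RSAAlgorithm.to_jwk(private_key.public_key()))
    jwk_dict["alg"] = "RS256"
    return private_key, jwt.PyJWK.from_dict(jwk_dict)


def verify(token, signing_jwk):
    """Decode with the underlying cryptography key rather than the PyJWK wrapper.

    Only a signature failure is handled. A TypeError is deliberately left
    uncaught so that a key-type mistake fails loudly instead of being
    mistaken for a rejected token.
    """
    try:
        claims = jwt.decode(token, key=signing_jwk.key, algorithms=["RS256"])
    except jwt.InvalidSignatureError:
        return "invalid-signature", None
    return "ok", claims


def backstop():
    """Check one token against the issuing key and against an unrelated key."""
    issuer_key, issuer_jwk = make_keypair_and_jwk()
    _, unrelated_jwk = make_keypair_and_jwk()
    token = jwt.encode({"sub": "constructed-subject"}, issuer_key, algorithm="RS256")
    return verify(token, issuer_jwk), verify(token, unrelated_jwk)


if __name__ == "__main__":
    matching, mismatched = backstop()
    print("matching key:", matching[0])
    print("unrelated key:", mismatched[0])
```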