PyJWKClient raises error when key omits "use" (Public Key Use) parameter #626

Closed
mjr9804 opened this issue Mar 8, 2021 · 1 comment
Labels
stale Issues without activity for more than 60 days

mjr9804 commented Mar 8, 2021

PyJWKClient.get_signing_keys is hard-coded to look for keys that have a use (Public Key Use) value of sig. This causes errors when working with JWKs that omit this parameter. I believe this is an optional parameter according to RFC 7517, Section 4.2.

Adjusting the check at https://github.com/jpadilla/pyjwt/blob/master/jwt/jwks_client.py#L32 fixes the problem, but I'm not sure what the best solution is. It seems you could either assume that a key that omits use is a signing key, ignore any keys with "use": "enc", or maybe expose some configuration knob.

Expected Result

PyJWKClient should be able to parse signing keys from JWKs that omit the optional use parameter.

Actual Result

A PyJWKClientError is raised.

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File ".../Python/3.7/lib/python/site-packages/jwt/jwks_client.py", line 31, in get_signing_keys
    raise PyJWKClientError("The JWKS endpoint did not contain any signing keys")
jwt.exceptions.PyJWKClientError: The JWKS endpoint did not contain any signing keys

Reproduction Steps

import jwt

# Sample JWK that omits 'use'
SAMPLE_URL = 'https://gist.githubusercontent.com/mjr9804/83e8388cc5d2a03e54938da189668770/raw/5514eec3c12714eb2a57bf180810b23ac841ad9b/jwk.json'
jwks_client = jwt.PyJWKClient(SAMPLE_URL)
jwks_client.get_signing_keys()

System Information

$ python -m jwt.help
{
    "cryptography": {
      "version": "3.2"
    },
    "implementation": {
      "name": "CPython",
      "version": "3.7.3"
    },
    "platform": {
      "release": "19.6.0",
      "system": "Darwin"
    },
    "pyjwt": {
      "version": "2.0.1"
    }
}
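
The two filtering policies discussed in the issue, shown side by side as an added example (not part of the original issue and not PyJWT's code). The function names, the `kids` helper and the sample JWKS are hypothetical, and the `key_ops` check (RFC 7517, Section 4.3) goes beyond what the issue proposes.

```python
# Added example: illustrative only, not PyJWT's implementation.
from typing import Any, Dict, List

Jwk = Dict[str, Any]


def strict_signing_keys(jwks: Dict[str, Any]) -> List[Jwk]:
    """Policy described in the issue: only keys with "use": "sig" are kept."""
    return [k for k in jwks.get("keys", []) if k.get("use") == "sig"]


def lenient_signing_keys(jwks: Dict[str, Any]) -> List[Jwk]:
    """Keep keys that omit "use", but never keys marked for another purpose."""
    selected = []
    for key in jwks.get("keys", []):
        use = key.get("use")
        if use is not None and use != "sig":
            continue  # explicitly marked otherwise, e.g. "use": "enc"
        key_ops = key.get("key_ops")
        if key_ops is not None and "verify" not in key_ops:
            continue  # key_ops is present and does not permit verification
        selected.append(key)
    return selected


def kids(keys: List[Jwk]) -> List[str]:
    """Hypothetical helper: list the key IDs of the selected keys."""
    return [k.get("kid", "") for k in keys]


# Constructed sample JWKS; "n" and "e" are placeholders, not real key material.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "kid": "no-use", "n": "AQAB", "e": "AQAB"},
        {"kty": "RSA", "kid": "sig-key", "use": "sig", "n": "AQAB", "e": "AQAB"},
        {"kty": "RSA", "kid": "enc-key", "use": "enc", "n": "AQAB", "e": "AQAB"},
        {"kty": "RSA", "kid": "wrap-only", "key_ops": ["wrapKey"],
         "n": "AQAB", "e": "AQAB"},
    ]
}

if __name__ == "__main__":
    print("strict: ", kids(strict_signing_keys(SAMPLE_JWKS)))
    print("lenient:", kids(lenient_signing_keys(SAMPLE_JWKS)))
```

With a JWKS whose only key omits `use`, the strict policy returns an empty list, which is the condition that leads to the `PyJWKClientError` above.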

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

@github-actions github-actions bot added the stale Issues without activity for more than 60 days label May 24, 2022