You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PyJWKClient.get_signing_keys is hard-coded to look for keys that have a use (Public Key Use) value of sig. This causes errors when working with JWKs that omit this parameter. I believe this is an optional parameter according to RFC 7517, Section 4.2.
PyJWKClient should be able to parse signing keys from JWKs that omit the optional use parameter.
Actual Result
A PyJWKClientError is raised.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File ".../Python/3.7/lib/python/site-packages/jwt/jwks_client.py", line 31, in get_signing_keys
raise PyJWKClientError("The JWKS endpoint did not contain any signing keys")
jwt.exceptions.PyJWKClientError: The JWKS endpoint did not contain any signing keys
Reproduction Steps
importjwt# Sample JWK that omits 'use'SAMPLE_URL='https://gist.githubusercontent.com/mjr9804/83e8388cc5d2a03e54938da189668770/raw/5514eec3c12714eb2a57bf180810b23ac841ad9b/jwk.json'jwks_client=jwt.PyJWKClient(SAMPLE_URL)
jwks_client.get_signing_keys()
PyJWKClient.get_signing_keys
is hard-coded to look for keys that have ause
(Public Key Use) value ofsig
. This causes errors when working with JWKs that omit this parameter. I believe this is an optional parameter according to RFC 7517, Section 4.2.Adjusting the check at https://github.com/jpadilla/pyjwt/blob/master/jwt/jwks_client.py#L32 fixes the problem, but I'm not sure what the best solution is. It seems you could either assume that a key that omits
use
is a signing key, ignore any keys with"use": "enc"
, or maybe expose some configuration knob.Expected Result
PyJWKClient
should be able to parse signing keys from JWKs that omit the optionaluse
parameter.Actual Result
A
PyJWKClientError
is raised.Reproduction Steps
System Information
The text was updated successfully, but these errors were encountered: