PyJWT api incompatible with cryptography #706

Description

@alex-hsp

Using ES256, I am trying to generate a JWT token with the following code:

    import datetime as dt

    import jwt

    # key_id, client_id, team_id and private_key_file are defined elsewhere.
    audience = 'https://appleid.apple.com'
    alg = 'ES256'

    # Define issue timestamp from an aware UTC datetime; a naive utcnow()
    # would be read as local time by .timestamp().
    issued_at_timestamp = int(dt.datetime.now(dt.timezone.utc).timestamp())
    # Define expiration timestamp. May not exceed 180 days from issue timestamp.
    expiration_timestamp = issued_at_timestamp + 86400 * 180

    # Define JWT headers.
    headers = dict()
    headers['alg'] = alg
    headers['kid'] = key_id

    # Define JWT payload.
    payload = dict()
    payload['sub'] = client_id
    payload['aud'] = audience
    payload['iat'] = issued_at_timestamp
    payload['exp'] = expiration_timestamp
    payload['iss'] = team_id

    # Read the PEM-encoded private key as text.
    with open(private_key_file, 'r') as key_file:
        key = key_file.read()

    client_secret = jwt.encode(
        payload=payload,
        headers=headers,
        algorithm=alg,
        key=key
    )

The private key file is a .pem with -----BEGIN RSA PRIVATE KEY----- inside.

Expected Result

Expected to generate token. Same code worked 6 months ago.

Actual Result

      File "/Users/Alexander_Gorokhov/PycharmProjects/hs-databricks/tasks.py", line 128, in generate_asa_client_secret
        client_secret = jwt.encode(
      File "/Users/Alexander_Gorokhov/.local/share/virtualenvs/hs-databricks-35vk8C_U/lib/python3.9/site-packages/jwt/api_jwt.py", line 63, in encode
        return api_jws.encode(json_payload, key, algorithm, headers, json_encoder)
      File "/Users/Alexander_Gorokhov/.local/share/virtualenvs/hs-databricks-35vk8C_U/lib/python3.9/site-packages/jwt/api_jws.py", line 114, in encode
        signature = alg_obj.sign(signing_input, key)
      File "/Users/Alexander_Gorokhov/.local/share/virtualenvs/hs-databricks-35vk8C_U/lib/python3.9/site-packages/jwt/algorithms.py", line 423, in sign
        der_sig = key.sign(msg, ec.ECDSA(self.hash_alg()))
    TypeError: sign() missing 1 required positional argument: 'algorithm'

key is cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey
sign_obj is jwt.algorithms.ECAlgorithm

key.sign requires padding and algorithm parameters.

Reproduction Steps

System Information

    $ python -m jwt.help
    {
      "cryptography": {
        "version": "3.4.8"
      },
      "implementation": {
        "name": "CPython",
        "version": "3.9.5"
      },
      "platform": {
        "release": "20.6.0",
        "system": "Darwin"
      },
      "pyjwt": {
        "version": "2.3.0"
      }
    }

Same story on an Ubuntu 20 VM.

Am I missing something?
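
An added example, not code from the issue author or from PyJWT: a pre-flight check built on the cryptography package that loads the PEM and rejects it unless its key type and curve match the JWT `alg`, so an RSA key paired with ES256, as in the traceback above, fails with a clear message instead of inside `sign()`. The names `load_signing_key`, `ALG_KEY_REQUIREMENTS` and `constructed_pems` are hypothetical, and the sample keys are generated on the spot.

```python
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec, rsa

# JWS "alg" -> (required private-key class, curve name or None); hypothetical table.
ALG_KEY_REQUIREMENTS = {
    "ES256": (ec.EllipticCurvePrivateKey, "secp256r1"),
    "ES384": (ec.EllipticCurvePrivateKey, "secp384r1"),
    "ES512": (ec.EllipticCurvePrivateKey, "secp521r1"),
    "RS256": (rsa.RSAPrivateKey, None),
}


def load_signing_key(pem: bytes, alg: str):
    """Load an unencrypted PEM private key; refuse it unless it fits `alg`."""
    if alg not in ALG_KEY_REQUIREMENTS:
        raise ValueError(f"no key requirement known for alg {alg!r}")
    key_cls, curve = ALG_KEY_REQUIREMENTS[alg]
    key = serialization.load_pem_private_key(pem, password=None)
    if not isinstance(key, key_cls):
        raise TypeError(
            f"{alg} needs an {key_cls.__name__}, but the PEM holds {type(key).__name__}"
        )
    if curve is not None and key.curve.name != curve:
        raise ValueError(f"{alg} needs curve {curve}, key uses {key.curve.name}")
    return key


def constructed_pems() -> dict:
    """Throwaway keys generated on the spot as sample input (constructed)."""
    def to_pem(key):
        return key.private_bytes(
            serialization.Encoding.PEM,
            serialization.PrivateFormat.TraditionalOpenSSL,
            serialization.NoEncryption(),
        )
    return {
        "rsa": to_pem(rsa.generate_private_key(public_exponent=65537, key_size=2048)),
        "p256": to_pem(ec.generate_private_key(ec.SECP256R1())),
        "p384": to_pem(ec.generate_private_key(ec.SECP384R1())),
    }


if __name__ == "__main__":
    pems = constructed_pems()
    print(type(load_signing_key(pems["p256"], "ES256")).__name__)
    try:
        load_signing_key(pems["rsa"], "ES256")  # the mismatch from the issue
    except TypeError as exc:
        print("rejected:", exc)
```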
