Authentication setup, missing cryptography #1191
Description
Describe the bug
Hello, I am trying to use the Authentication feature with xcube server but I have encountered an error, I think related to the PyJWT dependency.
To Reproduce
- Install the xcube dependencies with:
mamba create --name testenv --channel conda-forge xcube
mamba activate testenv- Added the section to my config file:
Authentication:
Authority: <url to keycloak>
Audience: <audience>
IsRequired: true- Start xcube server:
xcube serve -vvv --config config.yaml- Send request to server with valid keycloak access token:
curl --location 'http://localhost:8080/ogc/collections/datacubes/items' \
--header 'Authorization: Bearer <access token>'Response:
{
"error": {
"status_code": 500,
"exception": [
"Traceback (most recent call last):\n",
" File \"/home/or5/miniforge3/envs/testenv/lib/python3.13/site-packages/tornado/web.py\", line 1790, in _execute\n result = await result\n ^^^^^^^^^^^^\n",
" File \"/home/or5/miniforge3/envs/testenv/lib/python3.13/site-packages/xcube/server/webservers/tornado.py\", line 337, in get\n await self._call_method(\"get\", *args, **kwargs)\n",
" File \"/home/or5/miniforge3/envs/testenv/lib/python3.13/site-packages/xcube/server/webservers/tornado.py\", line 355, in _call_method\n await method(*args, **kwargs)\n",
" File \"/home/or5/miniforge3/envs/testenv/lib/python3.13/site-packages/xcube/webapi/ows/stac/routes.py\", line 89, in get\n granted_scopes = self.ctx.auth_ctx.get_granted_scopes(self.request.headers)\n",
" File \"/home/or5/miniforge3/envs/testenv/lib/python3.13/site-packages/xcube/webapi/auth/context.py\", line 65, in get_granted_scopes\n id_token = self.get_id_token(request_headers, require_auth=must_authenticate)\n",
" File \"/home/or5/miniforge3/envs/testenv/lib/python3.13/site-packages/xcube/webapi/auth/context.py\", line 136, in get_id_token\n jwt.algorithms.RSAAlgorithm.from_jwk(rsa_key),\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n",
"AttributeError: module 'jwt.algorithms' has no attribute 'RSAAlgorithm'. Did you mean: 'Algorithm'?\n"
],
"message": "module 'jwt.algorithms' has no attribute 'RSAAlgorithm'"
}
}Having a look in the PyJWT git repo, it seems the class definition for "RSAAlgorithm" is inside an if block:
https://github.com/jpadilla/pyjwt/blob/master/jwt/algorithms.py#L392
So for me, "has_crypto" is False, as the ModuleNotFoundError was thrown for "cryptography".
Can you advise if I have missed something in the installation documentation / setup, that if you want to use Authentication that cryptography must be installed?
Thanks!