Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decode with PyJWK #886

Merged
merged 14 commits into from
May 11, 2024
Merged

Decode with PyJWK #886

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
39d3344
Add `algorithm` property to `PyJWK`
luhn Apr 28, 2023
2fdeaa6
Allow `PyJWK` as a key when decoding JWTs.
luhn Apr 28, 2023
ac7db73
Use PyJWK algorithm by default when deocding JWTs.
luhn Apr 28, 2023
a4d6b3b
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Apr 28, 2023
05749d1
Rename `PyJWK.algorithm` to `PyJWK.algorithm_name`
luhn Oct 16, 2023
745dd47
Test `PyJWK.algorithm_name`
luhn Oct 16, 2023
3a27cea
Test decode with PyJWK object.
luhn Oct 16, 2023
e9ecde3
Test implicit algorithm with PyJWK.
luhn Oct 16, 2023
930ce80
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Oct 16, 2023
bb057c1
Flake8 fix.
luhn Oct 16, 2023
1d16024
Refactor to fix a mypy error.
luhn Oct 16, 2023
872dcf6
Merge branch 'jpadilla:master' into decode-with-jwk
luhn Oct 16, 2023
1909433
Update sample usage.
luhn Oct 16, 2023
4e6a7be
Fix test.
luhn Oct 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions jwt/api_jwk.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ def __init__(self, jwk_data: JWKDict, algorithm: str | None = None) -> None:
if not has_crypto and algorithm in requires_cryptography:
raise PyJWKError(f"{algorithm} requires 'cryptography' to be installed.")

self.algorithm = algorithm
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Imo having both self.algorithm and self.Algorithm may be too similar

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understandable. Any suggestions? self.algorithm_name? self.alg? (To match the JWK field)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

self.algorithm_name seems alright, actually I think self.Algorithm is the one being wrong, and self.algorithm_class or something similar might be better. Anyway better not breaking any public attribute

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will do.

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm +1 on @Viicos's suggestion.

self.Algorithm = self._algorithms.get(algorithm)

if not self.Algorithm:
Expand Down
10 changes: 8 additions & 2 deletions jwt/api_jws.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
has_crypto,
requires_cryptography,
)
from .api_jwk import PyJWK
from .exceptions import (
DecodeError,
InvalidAlgorithmError,
Expand Down Expand Up @@ -172,7 +173,7 @@
def decode_complete(
self,
jwt: str | bytes,
key: AllowedPublicKeys | str | bytes = "",
key: AllowedPublicKeys | PyJWK | str | bytes = "",
algorithms: list[str] | None = None,
options: dict[str, Any] | None = None,
detached_payload: bytes | None = None,
Expand All @@ -190,6 +191,11 @@
merged_options = {**self.options, **options}
verify_signature = merged_options["verify_signature"]

if isinstance(key, PyJWK):
if algorithms is None:
algorithms = [key.algorithm]
key = key.key

Check warning on line 197 in jwt/api_jws.py

View check run for this annotation

Codecov / codecov/patch

jwt/api_jws.py#L196-L197 

Added lines #L196 - L197 were not covered by tests

if verify_signature and not algorithms:
raise DecodeError(
'It is required that you pass in a value for the "algorithms" argument when calling decode().'
Expand Down Expand Up @@ -217,7 +223,7 @@
def decode(
self,
jwt: str | bytes,
key: AllowedPublicKeys | str | bytes = "",
key: AllowedPublicKeys | PyJWK | str | bytes = "",
algorithms: list[str] | None = None,
options: dict[str, Any] | None = None,
detached_payload: bytes | None = None,
Expand Down
7 changes: 4 additions & 3 deletions jwt/api_jwt.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
from datetime import datetime, timedelta, timezone
from typing import TYPE_CHECKING, Any

from . import api_jws
from . import api_jwk, api_jws
from .exceptions import (
DecodeError,
ExpiredSignatureError,
Expand All @@ -21,6 +21,7 @@

if TYPE_CHECKING:
from .algorithms import AllowedPrivateKeys, AllowedPublicKeys
from .api_jwk import PyJWK


class PyJWT:
Expand Down Expand Up @@ -100,7 +101,7 @@ def _encode_payload(
def decode_complete(
self,
jwt: str | bytes,
key: AllowedPublicKeys | str | bytes = "",
key: AllowedPublicKeys | PyJWK | str | bytes = "",
algorithms: list[str] | None = None,
options: dict[str, Any] | None = None,
# deprecated arg, remove in pyjwt3
Expand Down Expand Up @@ -185,7 +186,7 @@ def _decode_payload(self, decoded: dict[str, Any]) -> Any:
def decode(
self,
jwt: str | bytes,
key: AllowedPublicKeys | str | bytes = "",
key: AllowedPublicKeys | PyJWK | str | bytes = "",
algorithms: list[str] | None = None,
options: dict[str, Any] | None = None,
# deprecated arg, remove in pyjwt3
Expand Down