Decode with PyJWK #886
jwt/api_jwk.py
Outdated
@@ -52,6 +52,7 @@ def __init__(self, jwk_data: JWKDict, algorithm: str | None = None) -> None: | |||
if not has_crypto and algorithm in requires_cryptography: | |||
raise PyJWKError(f"{algorithm} requires 'cryptography' to be installed.") | |||
|
|||
self.algorithm = algorithm |
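Review bot: `self.algorithm = algorithm` on the last added line introduces a public attribute with no type annotation or docstring, while the `__init__` signature in the hunk header allows `algorithm` to be `None`. If the value has already been resolved from the JWK data above this hunk, annotate the attribute as `str` and document it; if it can still be `None` at this point, any caller that passes it on as a default for `algorithms` needs a guard.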
Imo having both `self.algorithm` and `self.Algorithm` may be too similar
Understandable. Any suggestions? `self.algorithm_name`? `self.alg`? (To match the JWK field)
`self.algorithm_name` seems alright, actually I think `self.Algorithm` is the one being wrong, and `self.algorithm_class` or something similar might be better. Anyway better not breaking any public attribute
Will do.
I'm +1 on @Viicos's suggestion.
for more information, see https://pre-commit.ci
Ready for review 👍
Restarted the CI, let's hope all are green
```
if not has_crypto and algorithm in requires_cryptography:
    raise PyJWKError(f"{algorithm} requires 'cryptography' to be installed.")
E jwt.exceptions.PyJWKError: ES256 requires 'cryptography' to be installed.
jwt/api_jwk.py:53: PyJWKError
=========================== short test summary info ============================
SKIPPED [1] tests/test_advisory.py:27: Requires cryptography library installed
```
Okay, I fixed tests w/o cryptography installed.
Ping. Any more feedback on this? @auvipy, it looks like you need to approve my changes.
This PR contains three proposed changes. You can accept or reject any of them as you see fit. This is just a rough draft, once the functionality is approved I'll clean it up, add tests, and document.

- Add `algorithm` string to `PyJWK`. This is useful in determining the appropriate `algorithms` value to pass into `decode()`.
- Allow a `PyJWK` to be passed directly into `decode()`, so it's not necessary to pull `PyJWK.key`. (This would fix "Should `jwt.decode` accept `PyJWK` keys?" #864)
- If a `PyJWK` is passed into `decode()` and `algorithms` is not set, use the algorithm from the JWK. This change makes the API more convenient and reduces room for error: There's no reason that you should use any algorithm but the JWK's algorithm and doing otherwise is problematic at best and a possible security threat at worst.