joserfc icon indicating copy to clipboard operation
joserfc copied to clipboard
verified publisher icon authlib

KeySet: no error when import_key_set() returns empty

Open bjmc opened this issue 9 months ago • 0 comments

Hello, I'm not sure if this is properly a bug or an enhancement, but something I was caught out by working with KeySet

from unittest.mock import MagicMock
from joserfc.jwk import KeySet

keyset = KeySet.import_key_set(MagicMock())
# Surprised that you can call import_key_set() and silently end
# up without any keys
assert keyset.keys, "Whoops, no keys!"

I think the issue is that keys defaults to an empty list here and there's no check on returning an empty list.

We could make a case that this isn't a bug, "If someone does KeySet.import_key_set({'keys': []}) they obviously hoped to end up with an empty KeySet; the empty set is still a set," but I feel like the principle of least astonishment applies here. I imagine 99% of people who are importing a key set hope to end up with a set containing at least one key.

Are you open to a PR to change this behavior? I would expect import_key_set() to raise an exception if it's unable to load at least one key.

bjmc avatar Mar 25 '25 15:03 bjmc