python-jose
current release 3.3.0 raises JWSError('Signature verification failed.') while 3.2.0 does not when decoding ES256
Using latest Python 3.8. The problem:
>>> import jose
>>> jose.__version__
'3.3.0'
>>> from jose import jwt
>>> key = {'alg': 'ES256', 'created_at': 1560466143, 'crv': 'P-256', 'expired_at': None, 'kid': '6c5516e1-92dc-479e-a8ff-5a51992e0001', 'kty': 'EC', 'use': 'sig', 'x': '35lvC8uz2QrWpQJ3TUH8t9o9DURMp7ydU518RKDl20k', 'y': 'I8BuXB2bvxelzJAd7OKhd-ZwjCst05Fx47Mb_0ugros'}
>>> signed_jwt = "eyJhbGciOiJFUzI1NiIsImtpZCI6IjZjNTUxNmUxLTkyZGMtNDc5ZS1hOGZmLTVhNTE5OTJlMDAwMSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NDQ0MzUyMDUsInJlcXVlc3RfYm9keV9zaGEyNTYiOiJkNzBkNzFmMjI2YTJmMjlkZTE3ODczYmVjNGU3NDY5ZDQ3Y2E3ZGJmOTc3MjhlNzhjYzI3MTEyMTFmMWI2OGU2In0.LoYFbFR8_T4nRk_vAC48k_hz3Z9OQ8lcymcaHm2Rn96UWObY2qHbM_7cmvIUioJKnKaZpbyoLeRXqnnx7--jsA"
>>> claims = jwt.decode(signed_jwt, key, algorithms=["ES256"])
Traceback (most recent call last):
  File "/some-machine/miniconda3/envs/blue/lib/python3.8/site-packages/jose/jws.py", line 262, in _verify_signature
    raise JWSSignatureError()
jose.exceptions.JWSSignatureError
Found a temporary solution: downgrade to 3.2.0.
>>> import jose
>>> jose.__version__
'3.2.0'
>>> from jose import jwt
>>> key = {'alg': 'ES256', 'created_at': 1560466143, 'crv': 'P-256', 'expired_at': None, 'kid': '6c5516e1-92dc-479e-a8ff-5a51992e0001', 'kty': 'EC', 'use': 'sig', 'x': '35lvC8uz2QrWpQJ3TUH8t9o9DURMp7ydU518RKDl20k', 'y': 'I8BuXB2bvxelzJAd7OKhd-ZwjCst05Fx47Mb_0ugros'}
>>> signed_jwt = "eyJhbGciOiJFUzI1NiIsImtpZCI6IjZjNTUxNmUxLTkyZGMtNDc5ZS1hOGZmLTVhNTE5OTJlMDAwMSIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2NDQ0MzUyMDUsInJlcXVlc3RfYm9keV9zaGEyNTYiOiJkNzBkNzFmMjI2YTJmMjlkZTE3ODczYmVjNGU3NDY5ZDQ3Y2E3ZGJmOTc3MjhlNzhjYzI3MTEyMTFmMWI2OGU2In0.LoYFbFR8_T4nRk_vAC48k_hz3Z9OQ8lcymcaHm2Rn96UWObY2qHbM_7cmvIUioJKnKaZpbyoLeRXqnnx7--jsA"
>>> claims = jwt.decode(signed_jwt, key, algorithms=["ES256"])
>>> claims
{'iat': 1644435205, 'request_body_sha256': 'd70d71f226a2f29de17873bec4e7469d47ca7dbf97728e78cc2711211f1b68e6'}
I hope this is enough information. I looked through the diff of the releases and could not find anything obvious, so I created this issue. Thanks for all the work put into this library.