python-jose

python-jose copied to clipboard

jricher

Documentation error in python-jose tutorial (encoding)

3

**Env** python-jose (3.2.0) python3.6 **error:** `python3.6/site-packages/jose/utils.py", line 87, in base64url_decode input += b'=' * (4 - rem) TypeError: must be str, not bytes ` **trigger:** When one follows your basic...

raphet

JWS.sign() hardcodes "typ": "JWT"

1

Setting the JOSE header "typ" to "JWT" is hardcoded in jws._encode_header(). Although setting this parameter is recommended in rfc7519 (JWT specification), in rfc 7515 (JWS specification) it is marked as...

alxnik

cryptography backend always throws JWSSignatureError, but native backend works

2

I am unable to successfully validate any tokens when the `cryptography` backend is installed. Consider this example: ```python from jose import jwt key = { "p": "-grGsVMl5QibKa90qaoxToi5Y3ifyJ7qIKG0FowD7AhO6FSYIN1sdQBfoJvI1w7doWtzhgbui5aaVELWWh85QXYJY44OD5wshLEEHl5-RwQXLbme0hKKJ8lJRxGLZ5Njuqi0Q9lybY_jCzyqomO8MDpIC6lB4Y-Ho5OYiwfvrcM", "kty": "RSA", "q":...

cloudspeak

jwk construction: impossible to NOT raise an exception with A256GCM algo

2

Hi everyone, There is an issue constructing jwk's. I'm using the [cryptography] module. NOTE: I got around this issue by just using jwe directly. Consider the following example: ``` from...

jsimonlane

pyca/cryptography is vulnerable to Bleichenbacher attacks on PKCS#1 v1.5 decryption

2

As far as I can tell, `python-jose` supports PKCS#1 v1.5 for key transport: https://github.com/mpdavis/python-jose/blob/99ec142374a6eb98e32be5b8cdfd72508fd404d4/docs/jwe/index.rst#supported-key-management-algorithms and: https://github.com/mpdavis/python-jose/blob/99ec142374a6eb98e32be5b8cdfd72508fd404d4/tests/test_jwe.py#L84-L97 at the same time, pyca/cryptography doesn't guarantee side-channel safety of their decryption API: https://github.com/pyca/cryptography/issues/5510...

tomato42

Improve jwt.decode key doc

2

PR for #96

erny

Improve Docs for jwt.decode with JWK

3

https://github.com/mpdavis/python-jose/blob/master/jose/jwt.py#L70v def decode(token, key, algorithms=None, options=None, audience=None, issuer=None, subject=None, access_token=None): """Verifies a JWT string's signature and validates reserved claims. ... key (str): A key to attempt to verify the payload...

topher96

Wrong type of exception raised if required claim is missing in jwt.decode

2

The [documentation of `jwt.decode`](https://github.com/mpdavis/python-jose/blob/8a3fa3534daa5bba41a654c337c2a06410e7b59c/jose/jwt.py#L115-L118) says: > Raises: > JWTError: If the signature is invalid in any way. > ExpiredSignatureError: If the signature has expired. > JWTClaimsError: If any claim is...

akikoskinen

Next PyPi release?

1

Hi, I'm looking forward to using the recently added JWE feature, but the version in pypi doesn't contain this feature yet and looks to be about 4 months old compared...

o7o7