zello-channel-api
Authentication error occurs when using production auth token
I'm using "Consumer Zello". I tried to authorize with a production auth token as follows, but authorization failed. (Authorization succeeded when I used the sample development token.) Can't a production auth token be used in "Consumer Zello"? Or is my approach wrong?
The test channel name was `osworksjp-test2`, and I ran the test at about 02:05 on Jan 18 (UTC).
Thank you.
experimental code
```python
import jwt  # PyJWT
import base64
from datetime import datetime, timezone
import aiohttp
import asyncio
import json


async def main(token):
    session = aiohttp.ClientSession()
    async with session.ws_connect('wss://zello.io/ws') as ws:
        login_command = {
            "command": "logon",
            "seq": 1,
            "auth_token": token,
            "username": "hoge",
            "password": "hoge",
            "channel": "osworksjp-test2"
        }
        await ws.send_str(json.dumps(login_command))
        # Print the first reply to the logon command, then stop.
        async for msg in ws:
            await ws.close()
            print(msg)
            break


if __name__ == '__main__':
    key = open("p.pem", "r").read()
    # Use an aware UTC datetime: utcnow().timestamp() treats the naive value as local time.
    payload = {"iss": "hogehoge",
               "exp": int(datetime.now(timezone.utc).timestamp()) + 36000}
    # PyJWT 1.x returns bytes here; PyJWT 2.x returns str, so drop .decode() there.
    token = jwt.encode(payload, key, algorithm="RS256").decode()
    # Decode the header and payload segments for inspection.
    h, p, _ = token.split(".")
    print(base64.b64decode(h))
    print(base64.b64decode(p+"=="))
    loop = asyncio.get_event_loop()
    loop.run_until_complete(main(token))
```
output
I use the issuer and private key generated by https://developers.zello.com/keys, but authorization fails.
```
b'{"typ":"JWT","alg":"RS256"}'
b'{"iss":"hogehoge","exp":1579312295}'
WSMessage(type=<WSMsgType.TEXT: 1>, data='{"error":"not authorized","seq":1}', extra='')
Unclosed client session
client_session: <aiohttp.client.ClientSession object at 0x10694af50>
```
If you want to try this solution in JavaScript (Node.js), feel free; for me it works perfectly. Just follow the steps mentioned.
Fork from Zello on GitHub
Having the same issue as @shtamura when using Python. Dev token works fine, but production tokens generated using PyJWT fail as unauthorized.
I found the problem. PyJWT encodes the token using url-safe base 64 encoding, but Zello's JWT apparently does not. As a hack to verify the issue and how to address it I replaced all instances of base64url_encode() with base64.standard_b64encode() in api_jws.py and it worked. A standalone function for generating the JWT without PyJWT is probably a better workaround, or doing a PR to PyJWT to add the option for the different encoding. Note that based on this, it appears that Zello may not be compliant with JWT, but I'm no expert on that.
Per the JWT standard:
> A JWT is represented as a sequence of URL-safe parts separated by period ('.') characters. Each part contains a base64url-encoded value.
It appears that the Zello API's JWT base64 encoding/decoding is not compliant with the standard, and this issue is valid. The Zello API should accept standards-compliant JWTs. Maintaining reverse compatibility by accepting both the existing (incorrect) and standard JWTs in API calls should present minimal security risk.
Thanks for the report. We are investigating and will let you know once we reach resolution.
Also ran into this issue on Python and it's proving to be a nightmare. Hope there's a solution shortly.
@Skowt until it's addressed on the Zello end, here is some Python code that creates the JWT in pure Python without a library:
https://github.com/aaknitt/zellostream
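The encoding difference discussed in the comments above, as an added example that is not part of the thread and is not the zellostream or Zello code. It builds the same RS256 token with base64url and with padded standard base64, and shows that re-encoding a finished base64url token segment by segment does not give a valid token, because the signature covers the encoded header and payload. The demo key is constructed and insecure, and all helper names are hypothetical.

```python
import base64
import hashlib
import json

# Constructed demo key, NOT secure: two Mersenne primes stand in for p.pem.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # modular inverse needs Python 3.8+
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017

def b64url(data):
    """JWT-standard encoding (what PyJWT emits): URL-safe alphabet, no padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64std(data):
    """Standard alphabet with '=' padding (the substitution described in the thread)."""
    return base64.standard_b64encode(data).decode()

def encoded_message(signing_input):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(signing_input), as an integer."""
    t = SHA256_DIGESTINFO + hashlib.sha256(signing_input.encode()).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def make_jwt(payload, encode):
    """Build an RS256 token; the signature covers the *encoded* header.payload."""
    header = {"typ": "JWT", "alg": "RS256"}
    parts = [encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = pow(encoded_message(signing_input), D, N).to_bytes(K, "big")
    return signing_input + "." + encode(sig)

def to_std_alphabet(segment):
    """Rewrite one segment from base64url to padded standard base64."""
    return segment.replace("-", "+").replace("_", "/") + "=" * (-len(segment) % 4)

def verify(token):
    """Check the signature against the signing input exactly as it appears in the token."""
    signing_input, _, sig_segment = token.rpartition(".")
    sig = int.from_bytes(base64.b64decode(to_std_alphabet(sig_segment)), "big")
    return pow(sig, E, N) == encoded_message(signing_input)

def transcode(token):
    """Naive fix: re-encode a finished base64url token segment by segment."""
    return ".".join(to_std_alphabet(s) for s in token.split("."))

if __name__ == "__main__":
    claims = {"iss": "hogehoge", "exp": 1579312295}  # values from the output above
    url_token, std_token = make_jwt(claims, b64url), make_jwt(claims, b64std)
    print(verify(url_token), verify(std_token), verify(transcode(url_token)))
```

For these claims only the payload segment changes form (it gains one `=`), which is enough to change the signing input and therefore the signature.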
@aaknitt thanks so damn much. I've literally spent the last 5+ hours trying to do this natively in Python and it's been a nightmare. You're a gem. ⭐
@Skowt ah sorry I meant to post that link here awhile ago and forgot until I got the email notification for your post, could have saved you some trouble, my bad.
No apologies needed at all. Your issue confirmed that I wasn’t going mad and your link really saved me more days of frustration.
I’ve got my solution up and running now!
On Tue, 14 Jul 2020 at 10:37 PM, aaknitt wrote:
> @Skowt ah sorry I meant to post that link here awhile ago and forgot until I got the email notification for your post, could have saved you some trouble, my bad.