You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The PyJWKClient is not able to detect the ES384 Algorithm from a key.
The code breaks with the following error message:
[ERROR] PyJWKError: Unable to find a algorithm for key: {'kty': 'EC', 'kid': 'ZWZDBDUHH3G3AK2G', 'x': 'BROh-CQfiSv_KlafsTld4_QBJqsDbqjlP0S47_lVXUWCHbatKBKnIJw6DlG2O29c', 'y': 'gKKj6VDEocCjaL0I9Z76mI4X4sFDBLw50lL0Wgmfr2ptGLkl9neSAd_z2oUBX7R3', 'crv': 'P-384', 'iat': 1612965351, 'exp': 1612986951}
Traceback (most recent call last):
File "/opt/python/aws_lambda_powertools/tracing/tracer.py", line 303, in decorate
response = lambda_handler(event, context, **kwargs)
File "/opt/python/aws_lambda_powertools/logging/logger.py", line 270, in decorate
return lambda_handler(event, context)
File "/var/task/bff/oauth_result.py", line 27, in lambda_handler
return execute(evt, config)
File "/var/task/bff/oauth_result.py", line 33, in execute
access_token = load_access_token(request, config)
File "/var/task/bff/clients/oauth_client.py", line 26, in load_access_token
id_token = _load_id_token(request.code, openid_configuration, config)
File "/var/task/bff/clients/oauth_client.py", line 65, in _load_id_token
signing_key = jwks_client.get_signing_key_from_jwt(id_token)
File "/opt/python/jwt/jwks_client.py", line 54, in get_signing_key_from_jwt
return self.get_signing_key(header.get("kid"))
File "/opt/python/jwt/jwks_client.py", line 36, in get_signing_key
signing_keys = self.get_signing_keys()
File "/opt/python/jwt/jwks_client.py", line 23, in get_signing_keys
jwk_set = self.get_jwk_set()
File "/opt/python/jwt/jwks_client.py", line 20, in get_jwk_set
return PyJWKSet.from_dict(data)
File "/opt/python/jwt/api_jwk.py", line 63, in from_dict
return PyJWKSet(keys)
File "/opt/python/jwt/api_jwk.py", line 58, in __init__
self.keys.append(PyJWK(key))
File "/opt/python/jwt/api_jwk.py", line 21, in __init__
raise PyJWKError("Unable to find a algorithm for key: %s" % self._jwk_data)
Also adding the 'alg': 'ES384' attribute via the hack discussed in #603 (comment) doesn't solve it.
Expected Result
The following code should work, because token and key belong together.
The
PyJWKClient
is not able to detect theES384
Algorithm from a key.The code breaks with the following error message:
Also adding the
'alg': 'ES384'
attribute via the hack discussed in #603 (comment) doesn't solve it.Expected Result
The following code should work, because token and key belong together.
Actual Result
What does work is the decoding with disabled signature verification:
System Information
The text was updated successfully, but these errors were encountered: