PyJWKClient doesn't support custom SSL contexts #789
Comments
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days
Was this ever implemented? I'm running into this same issue because my corporate FW is doing SSL decryption. Otherwise I can look to another library.
@ChrisMeeusen Not that I know of. I'm not sure why it didn't get a response. I'm currently using my monkeypatch solution above. Maybe they ignored it because there's that workaround.
Thanks for the response, when you say you're using the monkeypatch solution does that mean you basically pulled down all the source code for this library and built it alongside your application? There is no way to just update that single file, right? Sorry, I'm pretty new to Python.
@ChrisMeeusen Thankfully no, you don't have to re-build the library. In Python you can essentially replace a library function by redefining it. So the code that I've shown above is all that's needed. The top two answers here are a good reference: https://stackoverflow.com/questions/5626193/what-is-monkey-patching
I met the same issue and found that PyJWKClient receives "ssl_context" parameter.
That solves this problem.
Ah, excellent. Looks like this feature was added in this merge request and then released in 2.8.0. Thanks for pointing that out!
PyJWKClient doesn't support custom SSL contexts when calling fetch_data() to get the JWK set.
Expected Result
get_signing_key_from_jwt() could accept an SSLContext as a parameter to support authorization servers that may require custom SSL configurations, for example a server in a test environment that uses self-signed certs or requires a custom CA bundle.
Actual Result
For example, attempting get_signing_key_from_jwt() in a test environment that uses self-signed certs raises
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)>
Monkeypatched Solution
As shown, it's possible to pass a context to urllib.request.urlopen to allow specifying a custom SSLContext to enable working with servers that might be in a development environment or otherwise non-conforming to the default SSL options.
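An added example, not code from this thread or from PyJWT itself: one way to use the ssl_context parameter mentioned in the comments (PyJWT 2.8.0 per the thread) with a private or corporate CA while keeping certificate and hostname verification on. The helper names (build_jwks_ssl_context, is_verifying, make_jwk_client) and the ca_bundle parameter are hypothetical.

```python
import ssl
from pathlib import Path


def build_jwks_ssl_context(ca_bundle=None):
    """Return a verifying SSLContext, optionally trusting an extra CA bundle.

    ca_bundle (hypothetical parameter name) is the path to a PEM file holding
    the private or corporate root CA. System roots stay trusted as well.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname checking on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_bundle is not None:
        path = Path(ca_bundle)
        if not path.is_file():
            # Fail loudly instead of silently using system roots only.
            raise FileNotFoundError(f"CA bundle not found: {path}")
        ctx.load_verify_locations(cafile=str(path))
    return ctx


def is_verifying(ctx):
    """True only if the context validates both the chain and the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def make_jwk_client(jwks_uri, ca_bundle=None):
    """Create a PyJWKClient that fetches the JWK set over a verified context."""
    # Imported here so the context helpers work without PyJWT installed.
    from jwt import PyJWKClient  # ssl_context needs PyJWT >= 2.8.0

    ctx = build_jwks_ssl_context(ca_bundle)
    if not is_verifying(ctx):
        raise ValueError("refusing to fetch signing keys without TLS verification")
    return PyJWKClient(jwks_uri, ssl_context=ctx)


if __name__ == "__main__":
    # With no bundle, the context trusts only the system roots.
    print("verifying:", is_verifying(build_jwks_ssl_context()))
```

The keys returned by get_signing_key_from_jwt() decide which token signatures are accepted, so the JWKS fetch is kept on a context that trusts the extra CA rather than one with verification switched off.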