From 1e5b97318ab5725d3a879be68835b0d57066ba37 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Fri, 9 Dec 2016 14:25:51 -0500
Subject: [PATCH] Fix loading of public keys for OIDC under Linux

Python's crypto lib under Linux has issues with loading PEM-encoded keys, so we just load it as a DER here and give PyJWT the key *instance* to use directly.
---
 util/config/oauth.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/util/config/oauth.py b/util/config/oauth.py
index 6e3f6f078..44bf084f2 100644
--- a/util/config/oauth.py
+++ b/util/config/oauth.py
@@ -5,6 +5,10 @@ import time
 
 from cachetools import TTLCache
 from cachetools.func import lru_cache
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.serialization import load_der_public_key
+
 from jwkest.jwk import KEYS
 from util import slash_join
 
@@ -341,7 +345,10 @@ class OIDCConfig(OAuthConfig):
 
     rsa_key = list(keys)[0]
     rsa_key.deserialize()
-    return rsa_key.key.exportKey('PEM')
+
+    # Reload the key so that we can give a key *instance* to PyJWT to work around its weird parsing
+    # issues.
+    return load_der_public_key(rsa_key.key.exportKey('DER'), backend=default_backend())
 
 
 class DexOAuthConfig(OIDCConfig):
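Review bot: The new `return load_der_public_key(...)` line changes this method's return value from a PEM string to a `cryptography` key object, and the added comment ("weird parsing issues") records neither that contract change nor the failure it works around. `load_der_public_key` loads whatever public key type the DER holds, so although the local is named `rsa_key`, nothing here confirms that an RSA key comes back. I would capture the result and add `if not isinstance(public_key, rsa.RSAPublicKey): raise ValueError('OIDC signing key is not RSA')`, which needs `rsa` imported from `cryptography.hazmat.primitives.asymmetric`. I would also reword the comment to `# Returns a cryptography public key object, not a PEM string; PEM parsing fails on some Linux builds, so the key is reloaded from DER and handed to PyJWT as an instance.` The method starts outside the hunk, so its callers and any caching of the old string value are not visible and should be checked to accept the new type.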