Fix loading of public keys for OIDC under Linux
Python's crypto lib under Linux has issues loading PEM-encoded keys, so we load the key as DER here and give PyJWT the key *instance* to use directly.
parent
1302fd2fbd
commit
1e5b97318a
1 changed files with 8 additions and 1 deletions
|
@ -5,6 +5,10 @@ import time
|
||||||
|
|
||||||
from cachetools import TTLCache
|
from cachetools import TTLCache
|
||||||
from cachetools.func import lru_cache
|
from cachetools.func import lru_cache
|
||||||
|
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives.serialization import load_der_public_key
|
||||||
|
|
||||||
from jwkest.jwk import KEYS
|
from jwkest.jwk import KEYS
|
||||||
from util import slash_join
|
from util import slash_join
|
||||||
|
|
||||||
|
@ -341,7 +345,10 @@ class OIDCConfig(OAuthConfig):
|
||||||
|
|
||||||
rsa_key = list(keys)[0]
|
rsa_key = list(keys)[0]
|
||||||
rsa_key.deserialize()
|
rsa_key.deserialize()
|
||||||
return rsa_key.key.exportKey('PEM')
|
|
||||||
|
# Reload the key so that we can give a key *instance* to PyJWT to work around its weird parsing
|
||||||
|
# issues.
|
||||||
|
return load_der_public_key(rsa_key.key.exportKey('DER'), backend=default_backend())
|
||||||
|
|
||||||
|
|
||||||
class DexOAuthConfig(OIDCConfig):
|
class DexOAuthConfig(OIDCConfig):
|
||||||
|
|
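Review bot: The return value in the OIDCConfig hunk changes from PEM bytes to a cryptography public-key object, but nothing in the visible lines records that for callers; the enclosing method starts outside the hunk, so its docstring and any cache around it are not visible here. I would replace the two-line comment with one that states the contract, e.g. `# Return a cryptography RSA public key object (not PEM bytes): PyJWT fails to parse the PEM form on Linux.` It is also worth confirming that every caller passes the result straight to PyJWT with a fixed `algorithms=` list and that none still treats it as a string. `list(keys)[0]` on the unchanged line above takes the first key without a visible check for an empty set or a matching `kid`, which may be handled earlier in the method.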