AttributeError is_jwe #83

Closed
marcanpilami opened this issue May 3, 2015 · 3 comments

@marcanpilami

When using the "code" response-type, the library logically tries to get a token. However it fails with:

File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oic\__init__.py" in do_access_token_request
  588.                                                      authn_method, **kwargs)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oauth2\__init__.py" in do_access_token_request
  617.                                        http_args=http_args, **kwargs)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oauth2\__init__.py" in request_and_return
  551.                                            **kwargs)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oauth2\__init__.py" in parse_request_response
  519.                                            state, **kwargs)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oauth2\__init__.py" in parse_response
  445.                 verf = resp.verify(**kwargs)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oic\message.py" in verify
  288.             idt = IdToken().from_jwt(str(self["id_token"]), **args)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\oic\oauth2\message.py" in from_jwt
  482.         _jw = jwe.factory(txt)
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\jwkest\jwe.py" in factory
  698.     if _jw.is_jwe(p[0]):
File "C:\Users\Marc-Antoine\venv\oidc\lib\site-packages\jwkest\jws.py" in __getattr__
  283.             raise AttributeError(item)

Exception Type: AttributeError at /openid/authz_cb/
Exception Value: is_jwe

When looking at jwe.py line 695 (factory method), it seems a JWE is created, then immediately used with is_jwe. But I indeed cannot see (I may be blind, sorry if that's the case) such a method on JWE - only on JWEnc which is not a parent of JWE. As I must say this token business is way over my head, I would be hard pressed to propose a fix that does not introduce security issues or regressions...

I also suppose this is due to my using the recent version 1.0.0 of pyjwkest - but as the requirements.txt uses >=0.6.1, pip automatically downloaded that version. I may have opened the bug in your other project, but since this is where I found the issue (and where you might want to require > 1.0.1) I put it here... feel free to change it.
(moreover, I should add that I could not downgrade if I wanted - version 0.6.1 uses cryptlib, which does not really have working Windows bindings anymore and my current project must run on that platform as well as RHEL)

Context: on Windows 8.1/2012R2, inside a Django 1.8.1 project (hence the weird stacktrace format). Python x32 on x64 OS. Inside a virtualenv. Only modification to your library: from jwkest.ecc import NISTEllipticCurve (instead of from cryptlib) inside keyio.

I feel I should also mention this just in case, as Microsoft is known for less than ideal norm implementations; I use an Azure AD OP.

    "azuread": {
        "srv_discovery_url": "https://sts.windows.net/my guid/",
        "behaviour": BEHAVIOUR,
        "client_registration": {
            "client_id": "taupesecret",
            "client_secret": "aussi taupe secret",
            "redirect_uris": ["http://localhost:8000/openid/authz_cb/"],
        }
    },

Would you be as kind as to help me debug this?
Thanks a lot.

@marcanpilami
Author

The fixes you've done on pyjwkest do solve that exception.
However, there is still a small issue in oic.oauth2.message.py: line 514 was p = jwkest.unpack(txt) but should now I believe be p = jws.JWSig().unpack(txt).part. And line 518 should be if not _jw.keys().__contains__("alg") or _jw["alg"] == "none": to avoid an exception if the field is absent (which 1. happened to me and 2. Seems legit)
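
The header check discussed in the comment above, as an added example (not code from pyoidc or pyjwkest; standard library only): it reads the header of a compact token, tells JWE from JWS, and treats an absent `alg` like `alg: none` instead of raising. The function names, the case-insensitive match on `none` and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json


def b64url_decode(segment):
    """Decode an unpadded base64url segment (the encoding used by JWS/JWE)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_token(header, parts=3):
    """Build a constructed sample token; non-header segments are dummy bytes."""
    segs = [b64url_encode(json.dumps(header).encode())]
    segs += [b64url_encode(b"dummy")] * (parts - 1)
    return ".".join(segs)


def classify_compact_token(txt):
    """Return (kind, header) where kind is 'jwe', 'jws' or 'unsecured'."""
    parts = txt.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("expected 3 (JWS) or 5 (JWE) segments, got %d" % len(parts))
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError as err:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("undecodable protected header") from err
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    if len(parts) == 5 and "enc" in header:
        return "jwe", header
    alg = header.get("alg")  # .get(): an absent "alg" must not raise KeyError
    if alg is None or str(alg).lower() == "none":
        return "unsecured", header
    return "jws", header


def require_signed(txt, allow_unsecured=False):
    """Refuse tokens with no signature algorithm unless the caller opts in."""
    kind, header = classify_compact_token(txt)
    if kind == "unsecured" and not allow_unsecured:
        raise ValueError("token has no 'alg' or alg=none; refusing to trust it")
    return kind, header
```

A relying party that accepts unsecured ID Tokens at all should do so only where the token arrived over the TLS-protected token endpoint, which is the case `allow_unsecured=True` is meant to represent here.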

@rohe
Collaborator

rohe commented May 4, 2015

Just did an update that should take care of that problem.

On 4 May 2015 at 19:45, marcanpilami notifications@github.com wrote:

The fixes you've done on pyjwkest do solve that exception.
However, there is still a small issue in oic.oauth2.message.py: line 514 was p = jwkest.unpack(txt) but should now I believe be p = jws.JWSig().unpack(txt).part. And line 518 should be if not _jw.keys().__contains__("alg") or _jw["alg"] == "none": to avoid an exception if the field is absent (which 1. happened to me and 2. Seems legit)



  • Roland

"It is the consequence of humanity. We are all formed of frailty and error; let us pardon reciprocally each others' folly - that is the first law of nature." - Voltaire

@marcanpilami
Author

Checked out master and as a result everything works fine in my application. Thanks a lot!
