New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crash on absent key id during exception handling #209
Comments
Good catch! |
Do you have a reproducer? |
Nevermind, got it. |
simo5
added a commit
to simo5/jwcrypto
that referenced
this issue
Jun 3, 2021
This was causing the excpetion itself to crash on keys that do not have a 'kid'. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>
simo5
added a commit
to simo5/jwcrypto
that referenced
this issue
Jun 3, 2021
Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>
simo5
added a commit
to simo5/jwcrypto
that referenced
this issue
Jun 4, 2021
This was causing the excpetion itself to crash on keys that do not have a 'kid'. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>
simo5
added a commit
to simo5/jwcrypto
that referenced
this issue
Jun 7, 2021
Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>
simo5
added a commit
to simo5/jwcrypto
that referenced
this issue
Jun 7, 2021
Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>
simo5
added a commit
to simo5/jwcrypto
that referenced
this issue
Jun 7, 2021
Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes latchset#209 Signed-off-by: Simo Sorce <simo@redhat.com>
simo5
added a commit
that referenced
this issue
Jun 9, 2021
Direct use of k['kid'] was causing the excpetion itself to crash on keys that do not have a 'kid' with a keyError. Always use the .get accessor to pull 'kid' so that None is returned when not availble. Fixes #209 Signed-off-by: Simo Sorce <simo@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This has been introduced by 0edf66d in 0.9:
The property key_id returned None if key had no key id, but this made 'kid' mandatory.
The bug happens whenever an exception is raised during deserialization with such key. For example, a call to
JWT(jwt=jwt, key=key, algs=['RS256', 'ES256'])
with an ES256 key will trigger it, as the first attempt to use key as a RS256 key raises an exception.The text was updated successfully, but these errors were encountered: