# HG changeset patch
# User drewp@bigasterisk.com
# Date 1671084439 28800
# Node ID 530650b3bc403438e6f6dce27b930def129bed44
# Parent 293a694304b82a269efb226c389d5e6a994819bc
something changed in pom to break pyjwt. switched to jwskate
diff -r 293a694304b8 -r 530650b3bc40 get_agent.py
--- a/get_agent.py Sat Nov 19 17:18:55 2022 -0800
+++ b/get_agent.py Wed Dec 14 22:07:19 2022 -0800
@@ -1,22 +1,24 @@
 import logging
 import bottle
-import jwt
 from rdflib import URIRef
-
+import requests
+from jwskate import Jwt, JwkSet
 log = logging.getLogger(__name__)
-jwks_client = jwt.PyJWKClient(uri='https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json')
-
+jwkset = JwkSet(requests.get('https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json').json())
 def bottleGetAgent() -> URIRef:
 pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
-
- sk = jwks_client.get_signing_key_from_jwt(pomAssertion)
- j = jwt.decode(pomAssertion, key=sk.key, algorithms=['ES256'], audience="bigasterisk.com")
-
+ log.debug('pomAssertion=%r', pomAssertion)
+ jwt = Jwt(pomAssertion)
+ jwt.validate(jwkset['keys'][0], #??
+ algs=['ES256'],
+ issuer='authenticate.bigasterisk.com',
+ audience='bigasterisk.com')
+ log.debug('claims=%r', jwt.claims)
 foaf = {
 'drewpca@gmail.com': 'http://bigasterisk.com/foaf.rdf#drewp',
 'kelsimp@gmail.com': 'http://bigasterisk.com/kelsi/foaf.rdf#kelsi',
- }[j['email']]
+ }[jwt.claims['email']]
 return URIRef(foaf)
diff -r 293a694304b8 -r 530650b3bc40 pdm.lock
--- a/pdm.lock Sat Nov 19 17:18:55 2022 -0800
+++ b/pdm.lock Wed Dec 14 22:07:19 2022 -0800
@@ -22,6 +22,12 @@
 summary = "Specifications for callback functions passed in to an API"
 [[package]]
+name = "backports.cached-property"
+version = "1.0.2"
+requires_python = ">=3.6.0"
+summary = "cached_property() - computed once per instance, cached as attribute"
+
+[[package]]
 name = "beautifulsoup4"
 version = "4.9.3"
 summary = "Screen-scraping library"
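Review bot: In get_agent.py, `jwt.validate(jwkset['keys'][0], #??` checks every assertion against whichever key is listed first in the JWKS, so a second published key or a key rotation makes valid assertions fail; select the key by the token's `kid` header instead, e.g. `key = jwkset.get_jwk_by_kid(jwt.headers['kid'])`, and reject the request when no key matches. The removed `jwks_client.get_signing_key_from_jwt(pomAssertion)` did that lookup per token, whereas the new module-level `requests.get(...)` runs once at import with no `timeout=` or `raise_for_status()` and is never refreshed, so a rotated key needs a process restart. `log.debug('pomAssertion=%r', pomAssertion)` writes the full signed assertion to the log and the claims line writes the user's email; logging only the `kid` or subject would keep the credential out of log files. A request without the `X-Pomerium-Jwt-Assertion` header passes `None` to `Jwt(...)`, and an email missing from the `foaf` dict raises `KeyError`; both look like they surface as server errors rather than an explicit authentication failure, so a guard such as `if not pomAssertion: raise bottle.HTTPError(401)` would make the failure mode deliberate.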
@@ -30,6 +36,15 @@ ] [[package]] +name = "binapy" +version = "0.6.0" +requires_python = ">=3.7,<4.0" +summary = "Binary Data manipulation, for humans." +dependencies = [ + "typing-extensions<5.0.0,>=4.3.0", +] + +[[package]] name = "bottle" version = "0.12.19" summary = "Fast and simple WSGI-framework for small web-applications." @@ -212,6 +227,18 @@ ] [[package]] +name = "jwskate" +version = "0.5.0" +requires_python = ">=3.7,<4.0" +summary = "A Pythonic implementation of Json Web Signature, Keys, Algorithms, Tokens and Encryption (RFC7514 to 7519), on top of the `cryptography` module." +dependencies = [ + "backports.cached-property<2,>=1", + "binapy<0.7.0,>=0.6.0", + "cryptography>=3.4", + "typing-extensions>=4.3.0", +] + +[[package]] name = "lxml" version = "4.6.3" requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, != 3.4.*" @@ -305,12 +332,6 @@ ] [[package]] -name = "pyjwt" -version = "2.4.0" -requires_python = ">=3.6" -summary = "JSON Web Token implementation in Python" - -[[package]] name = "pymongo" version = "3.12.0" requires_python = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*" @@ -410,6 +431,12 @@ summary = "" [[package]] +name = "typing-extensions" +version = "4.4.0" +requires_python = ">=3.7" +summary = "Backported and Experimental Type Hints for Python 3.7+" + +[[package]] name = "urllib3" version = "1.26.9" requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4" @@ -430,7 +457,7 @@ [metadata] lock_version = "4.0" -content_hash = "sha256:d4ca5a2469569bb0eb202ae9989d5819c93de36c80ec386c6c774dab3841a525" +content_hash = "sha256:407206cbe441429bb07d0fd6e3d16a68abf916478b8bb8557de75ac42fff1cf2" [metadata.files] "appnope 0.1.3" = [ 
@@ -449,11 +476,19 @@ {url = "https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl", hash = "sha256:fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255"}, {url = "https://files.pythonhosted.org/packages/a2/40/764a663805d84deee23043e1426a9175567db89c8b3287b5c2ad9f71aa93/backcall-0.2.0.tar.gz", hash = "sha256:5cbdbf27be5e7cfadb448baf0aa95508f91f2bbc6c6437cd9cd06e2a4c215e1e"}, ] +"backports.cached-property 1.0.2" = [ + {url = "https://files.pythonhosted.org/packages/08/83/4cea5c665d2af765c02f7d8e8560b5918405c1d7d11ccfc60c4919c1cfd0/backports.cached-property-1.0.2.tar.gz", hash = "sha256:9306f9eed6ec55fd156ace6bc1094e2c86fae5fb2bf07b6a9c00745c656e75dd"}, + {url = "https://files.pythonhosted.org/packages/eb/ae/69e52acdcf381b108b36d989ea58656de4a9ab8863aba6176d80d01041df/backports.cached_property-1.0.2-py3-none-any.whl", hash = "sha256:baeb28e1cd619a3c9ab8941431fe34e8490861fb998c6c4590693d50171db0cc"}, +] "beautifulsoup4 4.9.3" = [ {url = "https://files.pythonhosted.org/packages/1c/d9/8c507915ff962b9e854b477b203c171074f59cce9465dac9f71c2b57ebd6/beautifulsoup4-4.9.3-py2-none-any.whl", hash = "sha256:4c98143716ef1cb40bf7f39a8e3eec8f8b009509e74904ba3a7b315431577e35"}, {url = "https://files.pythonhosted.org/packages/6b/c3/d31704ae558dcca862e4ee8e8388f357af6c9d9acb0cad4ba0fbbd350d9a/beautifulsoup4-4.9.3.tar.gz", hash = "sha256:84729e322ad1d5b4d25f805bfa05b902dd96450f43842c4e99067d5e1369eb25"}, {url = "https://files.pythonhosted.org/packages/d1/41/e6495bd7d3781cee623ce23ea6ac73282a373088fcd0ddc809a047b18eae/beautifulsoup4-4.9.3-py3-none-any.whl", hash = "sha256:fff47e031e34ec82bf17e00da8f592fe7de69aeea38be00523c04623c04fb666"}, ] +"binapy 0.6.0" = [ + {url = "https://files.pythonhosted.org/packages/9f/4e/04b3218eb9d952c677c91315a19c28f93660ee539229639af50142d88583/binapy-0.6.0.tar.gz", hash = "sha256:1054b0ef1e6eccd941d4b23167ba4c5b1f5938960750686c421edc71af543fa7"}, + {url = 
"https://files.pythonhosted.org/packages/b2/f3/fdf9adeaf8dc67645cfaa16412e0fbc10a1a0d17d81f74c1c3a3f560b712/binapy-0.6.0-py3-none-any.whl", hash = "sha256:6ffc2812df7f43a50ed45f451af8a6f851c87e347e3a071bb0f423a1a60d8a39"}, +] "bottle 0.12.19" = [ {url = "https://files.pythonhosted.org/packages/bf/44/aeafdd6ca05a8e1c3f91eeeb272a202d5cb1b3b23730a5ca686a81c48d24/bottle-0.12.19-py3-none-any.whl", hash = "sha256:f6b8a34fe9aa406f9813c02990db72ca69ce6a158b5b156d2c41f345016a723d"}, {url = "https://files.pythonhosted.org/packages/ea/80/3d2dca1562ffa1929017c74635b4cb3645a352588de89e90d0bb53af3317/bottle-0.12.19.tar.gz", hash = "sha256:a9d73ffcbc6a1345ca2d7949638db46349f5b2b77dac65d6494d45c23628da2c"}, 
@@ -628,6 +663,10 @@ {url = "https://files.pythonhosted.org/packages/b3/0e/836f12ec50075161e365131f13f5758451645af75c2becf61c6351ecec39/jedi-0.18.1-py2.py3-none-any.whl", hash = "sha256:637c9635fcf47945ceb91cd7f320234a7be540ded6f3e99a50cb6febdfd1ba8d"}, {url = "https://files.pythonhosted.org/packages/c2/25/273288df952e07e3190446efbbb30b0e4871a0d63b4246475f3019d4f55e/jedi-0.18.1.tar.gz", hash = "sha256:74137626a64a99c8eb6ae5832d99b3bdd7d29a3850fe2aa80a4126b2a7d949ab"}, ] +"jwskate 0.5.0" = [ + {url = "https://files.pythonhosted.org/packages/83/25/ecbab5a4a5b80b8fd7cfc6635512a27bef87a2c3328de175d4f37bbb40c8/jwskate-0.5.0.tar.gz", hash = "sha256:b8708003dcfdfbc578893ffc27bd28522c5c3fe45725b624fdf4534b647cba76"}, + {url = "https://files.pythonhosted.org/packages/ba/84/59913202cca3a40e5ca261583feb32a044985dad7eb5fc6679351ded09be/jwskate-0.5.0-py3-none-any.whl", hash = "sha256:05623c7425a11073850237841d404f515413d8ed67cf6fca093f8a91a449e055"}, +] "lxml 4.6.3" = [ {url = "https://files.pythonhosted.org/packages/07/a1/01481822e261dde8b4a5a84dab15d24799d6a427cc388709a80cc2790f6f/lxml-4.6.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:7610b8c31688f0b1be0ef882889817939490a36d0ee880ea562a4e1399c447a1"}, {url = "https://files.pythonhosted.org/packages/08/12/71ac925687fcabdd3ad9d664d2dd9515c530c748d806147c2fbefcdfb0bd/lxml-4.6.3-cp27-cp27m-win32.whl", hash = "sha256:bc4313cbeb0e7a416a488d72f9680fffffc645f8a838bd2193809881c67dd106"}, 
@@ -729,10 +768,6 @@ "pyjade 4.0.0" = [ {url = "https://files.pythonhosted.org/packages/4a/04/396ec24e806fd3af7ea5d0f3cb6c7bbd4d00f7064712e4dd48f24c02ca95/pyjade-4.0.0.tar.gz", hash = "sha256:8d95b741de09c4942259fc3d1ad7b4f48166e69cef6f11c172e4b2c458b1ccd7"}, ] -"pyjwt 2.4.0" = [ - {url = "https://files.pythonhosted.org/packages/1c/fb/b82e9601b00d88cf8bbee1f39b855ae773f9d5bcbcedb3801b2f72460696/PyJWT-2.4.0-py3-none-any.whl", hash = "sha256:72d1d253f32dbd4f5c88eaf1fdc62f3a19f676ccbadb9dbc5d07e951b2b26daf"}, - {url = "https://files.pythonhosted.org/packages/d8/6b/6287745054dbcccf75903630346be77d4715c594402cec7c2518032416c2/PyJWT-2.4.0.tar.gz", hash = "sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba"}, -] "pymongo 3.12.0" = [ {url = "https://files.pythonhosted.org/packages/00/f5/756d2a7bca3d51e3fb390274710772154eddbb78f07b3361a2e35732531c/pymongo-3.12.0-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:d73e10772152605f6648ba4410318594f1043bbfe36d2fadee7c4b8912eff7c5"}, {url = "https://files.pythonhosted.org/packages/02/31/92d2ca39bd33c0889ad4c474bfd3bea141463bf5c9de18b7c6310f93195d/pymongo-3.12.0-cp34-cp34m-manylinux1_i686.whl", hash = "sha256:aaa038eafb7186a4abbb311fcf20724be9363645882bbce540bef4797e812a7a"}, 
@@ -879,6 +914,10 @@ {url = "https://files.pythonhosted.org/packages/dd/a8/278742d17c9e95ccb0dcb86ae216df114d2166d88e72f42b60a7b58b600b/traitlets-5.5.0.tar.gz", hash = "sha256:b122f9ff2f2f6c1709dab289a05555be011c87828e911c0cf4074b85cb780a79"}, {url = "https://files.pythonhosted.org/packages/ed/f9/caefd8c90955184e7426ef930e38c185e047169b520b35bdd57d341d03f4/traitlets-5.5.0-py3-none-any.whl", hash = "sha256:1201b2c9f76097195989cdf7f65db9897593b0dfd69e4ac96016661bb6f0d30f"}, ] +"typing-extensions 4.4.0" = [ + {url = "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl", hash = "sha256:16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e"}, + {url = "https://files.pythonhosted.org/packages/e3/a7/8f4e456ef0adac43f452efc2d0e4b242ab831297f1bac60ac815d37eb9cf/typing_extensions-4.4.0.tar.gz", hash = "sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa"}, +] "urllib3 1.26.9" = [ {url = "https://files.pythonhosted.org/packages/1b/a5/4eab74853625505725cefdf168f48661b2cd04e7843ab836f3f63abf81da/urllib3-1.26.9.tar.gz", hash = "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"}, {url = "https://files.pythonhosted.org/packages/ec/03/062e6444ce4baf1eac17a6a0ebfe36bb1ad05e1df0e20b110de59c278498/urllib3-1.26.9-py2.py3-none-any.whl", hash = "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14"}, diff -r 293a694304b8 -r 530650b3bc40 pyproject.toml --- a/pyproject.toml Sat Nov 19 17:18:55 2022 -0800 +++ b/pyproject.toml Wed Dec 14 22:07:19 2022 -0800 @@ -20,9 +20,9 @@ "requests==2.26.0", "six", "rdflib>=6.2.0", - "pyjwt>=2.4.0", "cryptography>=38.0.3", "ipython>=8.6.0", + "jwskate>=0.5.0", ] requires-python = ">=3.10" license = { text = "MIT" }