changeset 42:530650b3bc40 default tip

something changed in pom to break pyjwt. switched to jwskate
author drewp@bigasterisk.com
date Wed, 14 Dec 2022 22:07:19 -0800
parents 293a694304b8
children
files get_agent.py pdm.lock pyproject.toml
diffstat 3 files changed, 62 insertions(+), 21 deletions(-) [+]
--- a/get_agent.py	Sat Nov 19 17:18:55 2022 -0800
+++ b/get_agent.py	Wed Dec 14 22:07:19 2022 -0800
@@ -1,22 +1,24 @@
 import logging
 
 import bottle
-import jwt
 from rdflib import URIRef
-
+import requests
+from jwskate import Jwt, JwkSet
 log = logging.getLogger(__name__)
 
-jwks_client = jwt.PyJWKClient(uri='https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json')
-
+jwkset = JwkSet(requests.get('https://authenticate.bigasterisk.com/.well-known/pomerium/jwks.json').json())
 
 def bottleGetAgent() -> URIRef:
     pomAssertion = bottle.request.headers.get('X-Pomerium-Jwt-Assertion', None)
-
-    sk = jwks_client.get_signing_key_from_jwt(pomAssertion)
-    j = jwt.decode(pomAssertion, key=sk.key, algorithms=['ES256'], audience="bigasterisk.com")
-
+    log.debug('pomAssertion=%r', pomAssertion)
+    jwt = Jwt(pomAssertion)
+    jwt.validate(jwkset['keys'][0], #??
+                 algs=['ES256'], 
+                 issuer='authenticate.bigasterisk.com', 
+                 audience='bigasterisk.com')
+    log.debug('claims=%r', jwt.claims)
     foaf = {
         'drewpca@gmail.com': 'http://bigasterisk.com/foaf.rdf#drewp',
         'kelsimp@gmail.com': 'http://bigasterisk.com/kelsi/foaf.rdf#kelsi',
-    }[j['email']]
+    }[jwt.claims['email']]
     return URIRef(foaf)
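Review bot: `jwkset['keys'][0]` (the line marked `#??`) validates every assertion against whichever key is listed first in the JWKS, whereas the removed `get_signing_key_from_jwt` call picked the key matching the token; once Pomerium publishes more than one key or rotates, valid tokens will be rejected. Select the key by the token's `kid` header instead, e.g. `jwt.validate(jwkset.get_jwk_by_kid(jwt.headers['kid']), ...)`, if the pinned jwskate exposes that lookup. The JWKS is also fetched once at import with no `timeout=` and no `raise_for_status()`, so a slow or failing endpoint blocks or breaks startup, and a key rotation needs a process restart. Separately, `log.debug('pomAssertion=%r', pomAssertion)` writes the full signed assertion, which is a usable credential until it expires, into the logs; log the `kid` or a single identifying claim after validation instead.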
--- a/pdm.lock	Sat Nov 19 17:18:55 2022 -0800
+++ b/pdm.lock	Wed Dec 14 22:07:19 2022 -0800
@@ -22,6 +22,12 @@
 summary = "Specifications for callback functions passed in to an API"
 
 [[package]]
+name = "backports.cached-property"
+version = "1.0.2"
+requires_python = ">=3.6.0"
+summary = "cached_property() - computed once per instance, cached as attribute"
+
+[[package]]
 name = "beautifulsoup4"
 version = "4.9.3"
 summary = "Screen-scraping library"
@@ -30,6 +36,15 @@
 ]
 
 [[package]]
+name = "binapy"
+version = "0.6.0"
+requires_python = ">=3.7,<4.0"
+summary = "Binary Data manipulation, for humans."
+dependencies = [
+    "typing-extensions<5.0.0,>=4.3.0",
+]
+
+[[package]]
 name = "bottle"
 version = "0.12.19"
 summary = "Fast and simple WSGI-framework for small web-applications."
@@ -212,6 +227,18 @@
 ]
 
 [[package]]
+name = "jwskate"
+version = "0.5.0"
+requires_python = ">=3.7,<4.0"
+summary = "A Pythonic implementation of Json Web Signature, Keys, Algorithms, Tokens and Encryption (RFC7514 to 7519), on top of the `cryptography` module."
+dependencies = [
+    "backports.cached-property<2,>=1",
+    "binapy<0.7.0,>=0.6.0",
+    "cryptography>=3.4",
+    "typing-extensions>=4.3.0",
+]
+
+[[package]]
 name = "lxml"
 version = "4.6.3"
 requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, != 3.4.*"
@@ -305,12 +332,6 @@
 ]
 
 [[package]]
-name = "pyjwt"
-version = "2.4.0"
-requires_python = ">=3.6"
-summary = "JSON Web Token implementation in Python"
-
-[[package]]
 name = "pymongo"
 version = "3.12.0"
 requires_python = ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*"
@@ -410,6 +431,12 @@
 summary = ""
 
 [[package]]
+name = "typing-extensions"
+version = "4.4.0"
+requires_python = ">=3.7"
+summary = "Backported and Experimental Type Hints for Python 3.7+"
+
+[[package]]
 name = "urllib3"
 version = "1.26.9"
 requires_python = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, <4"
@@ -430,7 +457,7 @@
 
 [metadata]
 lock_version = "4.0"
-content_hash = "sha256:d4ca5a2469569bb0eb202ae9989d5819c93de36c80ec386c6c774dab3841a525"
+content_hash = "sha256:407206cbe441429bb07d0fd6e3d16a68abf916478b8bb8557de75ac42fff1cf2"
 
 [metadata.files]
 "appnope 0.1.3" = [
@@ -449,11 +476,19 @@
     {url = "https://files.pythonhosted.org/packages/4c/1c/ff6546b6c12603d8dd1070aa3c3d273ad4c07f5771689a7b69a550e8c951/backcall-0.2.0-py2.py3-none-any.whl", hash = "sha256:fbbce6a29f263178a1f7915c1940bde0ec2b2a967566fe1c65c1dfb7422bd255"},
     {url = "https://files.pythonhosted.org/packages/a2/40/764a663805d84deee23043e1426a9175567db89c8b3287b5c2ad9f71aa93/backcall-0.2.0.tar.gz", hash = "sha256:5cbdbf27be5e7cfadb448baf0aa95508f91f2bbc6c6437cd9cd06e2a4c215e1e"},
 ]
+"backports.cached-property 1.0.2" = [
+    {url = "https://files.pythonhosted.org/packages/08/83/4cea5c665d2af765c02f7d8e8560b5918405c1d7d11ccfc60c4919c1cfd0/backports.cached-property-1.0.2.tar.gz", hash = "sha256:9306f9eed6ec55fd156ace6bc1094e2c86fae5fb2bf07b6a9c00745c656e75dd"},
+    {url = "https://files.pythonhosted.org/packages/eb/ae/69e52acdcf381b108b36d989ea58656de4a9ab8863aba6176d80d01041df/backports.cached_property-1.0.2-py3-none-any.whl", hash = "sha256:baeb28e1cd619a3c9ab8941431fe34e8490861fb998c6c4590693d50171db0cc"},
+]
 "beautifulsoup4 4.9.3" = [
     {url = "https://files.pythonhosted.org/packages/1c/d9/8c507915ff962b9e854b477b203c171074f59cce9465dac9f71c2b57ebd6/beautifulsoup4-4.9.3-py2-none-any.whl", hash = "sha256:4c98143716ef1cb40bf7f39a8e3eec8f8b009509e74904ba3a7b315431577e35"},
     {url = "https://files.pythonhosted.org/packages/6b/c3/d31704ae558dcca862e4ee8e8388f357af6c9d9acb0cad4ba0fbbd350d9a/beautifulsoup4-4.9.3.tar.gz", hash = "sha256:84729e322ad1d5b4d25f805bfa05b902dd96450f43842c4e99067d5e1369eb25"},
     {url = "https://files.pythonhosted.org/packages/d1/41/e6495bd7d3781cee623ce23ea6ac73282a373088fcd0ddc809a047b18eae/beautifulsoup4-4.9.3-py3-none-any.whl", hash = "sha256:fff47e031e34ec82bf17e00da8f592fe7de69aeea38be00523c04623c04fb666"},
 ]
+"binapy 0.6.0" = [
+    {url = "https://files.pythonhosted.org/packages/9f/4e/04b3218eb9d952c677c91315a19c28f93660ee539229639af50142d88583/binapy-0.6.0.tar.gz", hash = "sha256:1054b0ef1e6eccd941d4b23167ba4c5b1f5938960750686c421edc71af543fa7"},
+    {url = "https://files.pythonhosted.org/packages/b2/f3/fdf9adeaf8dc67645cfaa16412e0fbc10a1a0d17d81f74c1c3a3f560b712/binapy-0.6.0-py3-none-any.whl", hash = "sha256:6ffc2812df7f43a50ed45f451af8a6f851c87e347e3a071bb0f423a1a60d8a39"},
+]
 "bottle 0.12.19" = [
     {url = "https://files.pythonhosted.org/packages/bf/44/aeafdd6ca05a8e1c3f91eeeb272a202d5cb1b3b23730a5ca686a81c48d24/bottle-0.12.19-py3-none-any.whl", hash = "sha256:f6b8a34fe9aa406f9813c02990db72ca69ce6a158b5b156d2c41f345016a723d"},
     {url = "https://files.pythonhosted.org/packages/ea/80/3d2dca1562ffa1929017c74635b4cb3645a352588de89e90d0bb53af3317/bottle-0.12.19.tar.gz", hash = "sha256:a9d73ffcbc6a1345ca2d7949638db46349f5b2b77dac65d6494d45c23628da2c"},
@@ -628,6 +663,10 @@
     {url = "https://files.pythonhosted.org/packages/b3/0e/836f12ec50075161e365131f13f5758451645af75c2becf61c6351ecec39/jedi-0.18.1-py2.py3-none-any.whl", hash = "sha256:637c9635fcf47945ceb91cd7f320234a7be540ded6f3e99a50cb6febdfd1ba8d"},
     {url = "https://files.pythonhosted.org/packages/c2/25/273288df952e07e3190446efbbb30b0e4871a0d63b4246475f3019d4f55e/jedi-0.18.1.tar.gz", hash = "sha256:74137626a64a99c8eb6ae5832d99b3bdd7d29a3850fe2aa80a4126b2a7d949ab"},
 ]
+"jwskate 0.5.0" = [
+    {url = "https://files.pythonhosted.org/packages/83/25/ecbab5a4a5b80b8fd7cfc6635512a27bef87a2c3328de175d4f37bbb40c8/jwskate-0.5.0.tar.gz", hash = "sha256:b8708003dcfdfbc578893ffc27bd28522c5c3fe45725b624fdf4534b647cba76"},
+    {url = "https://files.pythonhosted.org/packages/ba/84/59913202cca3a40e5ca261583feb32a044985dad7eb5fc6679351ded09be/jwskate-0.5.0-py3-none-any.whl", hash = "sha256:05623c7425a11073850237841d404f515413d8ed67cf6fca093f8a91a449e055"},
+]
 "lxml 4.6.3" = [
     {url = "https://files.pythonhosted.org/packages/07/a1/01481822e261dde8b4a5a84dab15d24799d6a427cc388709a80cc2790f6f/lxml-4.6.3-cp39-cp39-manylinux1_i686.whl", hash = "sha256:7610b8c31688f0b1be0ef882889817939490a36d0ee880ea562a4e1399c447a1"},
     {url = "https://files.pythonhosted.org/packages/08/12/71ac925687fcabdd3ad9d664d2dd9515c530c748d806147c2fbefcdfb0bd/lxml-4.6.3-cp27-cp27m-win32.whl", hash = "sha256:bc4313cbeb0e7a416a488d72f9680fffffc645f8a838bd2193809881c67dd106"},
@@ -729,10 +768,6 @@
 "pyjade 4.0.0" = [
     {url = "https://files.pythonhosted.org/packages/4a/04/396ec24e806fd3af7ea5d0f3cb6c7bbd4d00f7064712e4dd48f24c02ca95/pyjade-4.0.0.tar.gz", hash = "sha256:8d95b741de09c4942259fc3d1ad7b4f48166e69cef6f11c172e4b2c458b1ccd7"},
 ]
-"pyjwt 2.4.0" = [
-    {url = "https://files.pythonhosted.org/packages/1c/fb/b82e9601b00d88cf8bbee1f39b855ae773f9d5bcbcedb3801b2f72460696/PyJWT-2.4.0-py3-none-any.whl", hash = "sha256:72d1d253f32dbd4f5c88eaf1fdc62f3a19f676ccbadb9dbc5d07e951b2b26daf"},
-    {url = "https://files.pythonhosted.org/packages/d8/6b/6287745054dbcccf75903630346be77d4715c594402cec7c2518032416c2/PyJWT-2.4.0.tar.gz", hash = "sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba"},
-]
 "pymongo 3.12.0" = [
     {url = "https://files.pythonhosted.org/packages/00/f5/756d2a7bca3d51e3fb390274710772154eddbb78f07b3361a2e35732531c/pymongo-3.12.0-cp36-cp36m-manylinux2014_i686.whl", hash = "sha256:d73e10772152605f6648ba4410318594f1043bbfe36d2fadee7c4b8912eff7c5"},
     {url = "https://files.pythonhosted.org/packages/02/31/92d2ca39bd33c0889ad4c474bfd3bea141463bf5c9de18b7c6310f93195d/pymongo-3.12.0-cp34-cp34m-manylinux1_i686.whl", hash = "sha256:aaa038eafb7186a4abbb311fcf20724be9363645882bbce540bef4797e812a7a"},
@@ -879,6 +914,10 @@
     {url = "https://files.pythonhosted.org/packages/dd/a8/278742d17c9e95ccb0dcb86ae216df114d2166d88e72f42b60a7b58b600b/traitlets-5.5.0.tar.gz", hash = "sha256:b122f9ff2f2f6c1709dab289a05555be011c87828e911c0cf4074b85cb780a79"},
     {url = "https://files.pythonhosted.org/packages/ed/f9/caefd8c90955184e7426ef930e38c185e047169b520b35bdd57d341d03f4/traitlets-5.5.0-py3-none-any.whl", hash = "sha256:1201b2c9f76097195989cdf7f65db9897593b0dfd69e4ac96016661bb6f0d30f"},
 ]
+"typing-extensions 4.4.0" = [
+    {url = "https://files.pythonhosted.org/packages/0b/8e/f1a0a5a76cfef77e1eb6004cb49e5f8d72634da638420b9ea492ce8305e8/typing_extensions-4.4.0-py3-none-any.whl", hash = "sha256:16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e"},
+    {url = "https://files.pythonhosted.org/packages/e3/a7/8f4e456ef0adac43f452efc2d0e4b242ab831297f1bac60ac815d37eb9cf/typing_extensions-4.4.0.tar.gz", hash = "sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa"},
+]
 "urllib3 1.26.9" = [
     {url = "https://files.pythonhosted.org/packages/1b/a5/4eab74853625505725cefdf168f48661b2cd04e7843ab836f3f63abf81da/urllib3-1.26.9.tar.gz", hash = "sha256:aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e"},
     {url = "https://files.pythonhosted.org/packages/ec/03/062e6444ce4baf1eac17a6a0ebfe36bb1ad05e1df0e20b110de59c278498/urllib3-1.26.9-py2.py3-none-any.whl", hash = "sha256:44ece4d53fb1706f667c9bd1c648f5469a2ec925fcf3a776667042d645472c14"},
--- a/pyproject.toml	Sat Nov 19 17:18:55 2022 -0800
+++ b/pyproject.toml	Wed Dec 14 22:07:19 2022 -0800
@@ -20,9 +20,9 @@
     "requests==2.26.0",
     "six",
     "rdflib>=6.2.0",
-    "pyjwt>=2.4.0",
     "cryptography>=38.0.3",
     "ipython>=8.6.0",
+    "jwskate>=0.5.0",
 ]
 requires-python = ">=3.10"
 license = { text = "MIT" }