Project

General

Profile

Development #54740

idp_oidc: de nouveau du souci avec la gestion des clés OIDC

Added by Benjamin Dauvergne 8 days ago. Updated about 4 hours ago.

Status:
Solution déployée
Priority:
Normal
Category:
-
Target version:
-
Start date:
10 Jun 2021
Due date:
% Done:

0%

Estimated time:
Patch proposed:
Yes
Planning:
No

Description

https://jenkins.entrouvert.org/job/authentic/2064/ cet fois c'est le paramètre kty qui semble poser souci, je pense que c'est lié cette fois à la correction de Simo entre la version 0.9 et 0.9.1 suite au ticket ouvert par Valentin sur #54503.


Files

Associated revisions

Revision 7db6fe5b (diff)
Added by Benjamin Dauvergne 7 days ago

tests: move idp_oidc tests in a subdirectory (#54740)

Revision 0fb97846 (diff)
Added by Benjamin Dauvergne 7 days ago

idp_oidc: adapt to changes in jwcrypto 0.9.1 (#54740)

History

#1

Updated by Benjamin Dauvergne 8 days ago

Ah ben oui, y a plus de key._params (accéder à une donnée privée c'était le mal) : https://github.com/latchset/jwcrypto/commit/38ecf42dc85faa12e76924ed1d250ac63753e311 , ça explique bien le problème.

src/authentic2_idp_oidc/views.py:746: in token
    response = tokens_from_authz_code(request)
src/authentic2_idp_oidc/views.py:731: in tokens_from_authz_code
    'id_token': utils.make_idtoken(client, id_token),
src/authentic2_idp_oidc/utils.py:88: in make_idtoken
    jwk = get_first_ec_sig_key()
src/authentic2_idp_oidc/utils.py:71: in get_first_ec_sig_key
    return get_first_sig_key_by_type('EC')
src/authentic2_idp_oidc/utils.py:58: in get_first_sig_key_by_type
    if key._params['kty'] != kty:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = {"kid":"46c686ea-7d4e-41cd-a462-2125fc1dee0e","thumbprint":"uL9k_zxHtKFGPDF6KsTrAmejVdksF5HpPRUlCKo_-m0"}
item = '_params'

    def __getattr__(self, item):
        try:
            if item in JWKParamsRegistry.keys():
                if item in self.keys():
                    return self.get(item)
            kty = self.get('kty')
            if kty is not None:
                if item in list(JWKValuesRegistry[kty].keys()):
                    if item in self.keys():
                        return self.get(item)
            raise KeyError
        except KeyError:
>           raise AttributeError
E           AttributeError

/tmp/authentic-2064/tox-jenkins/authentic/authentic-py3-dj111-drf34/lib/python3.7/site-packages/jwcrypto/jwk.py:1058: AttributeError
#3

Updated by Benjamin Dauvergne 7 days ago

Je vais passer le premier commit directement, sans le lier à ce ticket, ne pas relire.

#4

Updated by Valentin Deniaud 7 days ago

  • Status changed from Solution proposée to Solution validée
#5

Updated by Benjamin Dauvergne 7 days ago

  • Status changed from Solution validée to Résolu (à déployer)
commit 0fb978467dcfc023a52d5db377c93f2c3517c99e
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Thu Jun 10 16:45:07 2021 +0200

    idp_oidc: adapt to changes in jwcrypto 0.9.1 (#54740)

commit 7db6fe5bf012a62f0ff702bad042d9e4ba38a77a
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Thu Jun 10 13:16:04 2021 +0200

    tests: move idp_oidc tests in a subdirectory (#54740)
#6

Updated by Frédéric Péters about 4 hours ago

  • Status changed from Résolu (à déployer) to Solution déployée

Also available in: Atom PDF