
I'm roughly following this SO question and this article. The use case in each is just a bit different from mine.

Given only the token and the URL, I'm trying to decode the JWT received from Auth0:

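def get_key():
    """Download the tenant's PEM file and return its contents as bytes.

    Returns:
        The text of the downloaded file, encoded to bytes, as handed to
        ``jwt.decode`` in the ``key`` argument.
    """
    KEY_URL = r"https://dev-dluzlcxa.us.auth0.com/pem"
    # wget.download saves the response to a local file and returns its name.
    filename = wget.download(KEY_URL)
    # Read through a context manager so the file handle is always closed;
    # the bare open(...).read() left it to the garbage collector.
    with open(filename, 'r') as pem_file:
        public_key = pem_file.read()
    # NOTE(review): presumably this endpoint serves an X.509 certificate
    # ("BEGIN CERTIFICATE") rather than a bare public key — confirm. If so,
    # the public key has to be extracted from the certificate before it can
    # be used as a verification key.
    return public_key.encode()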


# Fetch the token, then the verification key, in that order.
token = get_token()
key = get_key()
# Only RS256 is accepted, so the token header cannot select the algorithm.
# No audience= is passed and the decoded claims are discarded here.
jwt.decode(token, key=key, algorithms=["RS256"])

For security reasons, I'm not providing the token (or the get_token() method) here, but I have verified using jwt.io that I do, indeed, have a valid token. I've tried various permutations, but nothing seems to get me there.

My latest error, in a slew of them, is this:

ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', [_OpenSSLErrorWithText(code=151584876, lib=9, reason=108, reason_text=b'error:0909006C:PEM routines:get_name:no start line')])
SteveJ

1 Answer


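I was able to find a solution (note: this uses Auth0 as the provider). Instead of downloading the /pem file, it looks up the signing key from the tenant's JWKS endpoint with PyJWKClient.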

import http.client
import json
import pprint

import jwt
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from jwt import PyJWKClient


# Tenant-specific settings; the <...> values are placeholders to fill in.
# AUTH_ENDPOINT is used as a bare host name (no scheme): it is passed to
# HTTPSConnection and interpolated into PUBLIC_KEY_URL below.
AUTH_ENDPOINT=<your auth endpoint>
# Sent in the token request and checked as audience= when decoding.
AUDIENCE = <your app>
CLIENT_ID = <your client id>
# Credential: load it from the environment or a secret store rather than
# committing the literal value together with the script.
CLIENT_SECRET = <your client secret>
# JWKS document from which the token's signing key is looked up.
PUBLIC_KEY_URL = fr"https://{AUTH_ENDPOINT}/.well-known/jwks.json"



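def get_token():
    """Request an access token with the client-credentials grant.

    POSTs CLIENT_ID, CLIENT_SECRET and AUDIENCE as JSON to ``/oauth/token``
    on AUTH_ENDPOINT.

    Returns:
        The ``access_token`` value from the JSON response.

    Raises:
        KeyError: if the response has no ``access_token`` field (for
            example, when the request was rejected).
    """
    conn = http.client.HTTPSConnection(AUTH_ENDPOINT)

    # The payload carries the client secret: do not log or print it.
    payload = dict(
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
        audience=AUDIENCE,
        grant_type=r"client_credentials"
    )

    headers = {'content-type': "application/json"}

    try:
        conn.request("POST", "/oauth/token", json.dumps(payload), headers)
        res = conn.getresponse()
        status = res.status
        data = res.read()
    finally:
        # Always release the socket, including when the request fails.
        conn.close()

    message = json.loads(data.decode("utf-8"))
    try:
        return message['access_token']
    except KeyError:
        # Same exception type as before, but it now names the HTTP status.
        # The response body is deliberately left out of the message.
        raise KeyError(
            f"no access_token in /oauth/token response (HTTP {status})"
        ) from None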


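def decode(token: str) -> dict:
    """Verify *token* against the tenant's JWKS and return its claims.

    The signing key is selected from PUBLIC_KEY_URL using the token's
    header, then the signature, audience and expiry are checked.

    Args:
        token: The encoded JWT to verify.

    Returns:
        The decoded claims.

    Raises:
        jwt.PyJWTError: if the key lookup or any verification step fails,
            including ``jwt.ExpiredSignatureError`` for an expired token.
    """
    jwks_client = PyJWKClient(PUBLIC_KEY_URL)
    signing_key = jwks_client.get_signing_key_from_jwt(token)
    # The algorithm is pinned to RS256 so the token header cannot choose it.
    # Expiry verification is left at its default (enabled): passing
    # options={"verify_exp": False} would accept tokens past their lifetime.
    return jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience=AUDIENCE,
    )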


# Obtain a token, verify it, and pretty-print the resulting claims.
token = get_token()
data = decode(token)
pprint.pprint(data)
SteveJ