1. 技术文章
  2. Could not deserialize key data on decoding JWT python

Could not deserialize key data on decoding JWT python

早过忘川 提交于 2020-08-22 05:17:11

问题


I am using pyjwt library for decoding the JWT token. I got this error when I am decoding. The code was given in the documantation.

import jwt

encoded_jwt='''eyJ0eXAiOiJKV1QiLCJhbG......'''
secret=b''''-----BEGIN PUBLIC KEY-----
MIIFRjCCBC6gAwIBAgIQCIdSGhpikQCjOIY154XoqzANBgkqhkiG9w0BAQsFADBN
......
-----END PUBLIC KEY-----'''

print(jwt.decode(encoded_jwt, secret , algorithms=['RS256']))

raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data.

Could You please help me in resolving it beacuse when I use this it in the JWT website it's working.

This is the full error log..

Traceback (most recent call last): File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/algorithms.py", line 205, in prepare_key key = load_pem_private_key(key, password=None, backend=default_backend()) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/primitives/serialization.py", line 20, in load_pem_private_key return backend.load_pem_private_key(data, password) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1014, in load_pem_private_key password, File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1233, in _load_key self._handle_key_loading_error() File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1291, in _handle_key_loading_error raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data.

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/home/sathiyakugan/PycharmProjects/JWTsample/sample.py", line 45, in print(jwt.decode(encoded_jwt, secret , algorithms=['RS256'])) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/api_jwt.py", line 93, in decode jwt, key=key, algorithms=algorithms, options=options, **kwargs File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/api_jws.py", line 157, in decode key, algorithms) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/api_jws.py", line 221, in _verify_signature key = alg_obj.prepare_key(key) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/algorithms.py", line 207, in prepare_key key = load_pem_public_key(key, backend=default_backend()) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/primitives/serialization.py", line 24, in load_pem_public_key return backend.load_pem_public_key(data) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1040, in load_pem_public_key self._handle_key_loading_error() File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1291, in _handle_key_loading_error raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data.

Process finished with exit code 1


回答1:


You have to create your RSA keys with OpenSSL:

openssl genrsa -out jwt-key 4096
openssl rsa -in jwt-key -pubout > jwt-key.pub

reference: enter link description here




回答2:


There are some issues in the pyjwt library. and you must get the public key from the certificate.

I used openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

then from the public key I could easily decode it using authlib library.

from authlib.specs.rfc7519 import jwt

encoded_jwt='''eyJ0eXAiOiJ....'''
secret=b'''-----BEGIN PUBLIC KEY-----
......
-----END PUBLIC KEY-----'''
claims = jwt.decode(encoded_jwt, secret)
print(claims)



回答3:


How did you encode your jwt? Use one of the approaches below

Encoding & Decoding Tokens with RS256 (RSA)

encoded = jwt.encode({'some': 'payload'}, private_key, algorithm='RS256')
decoded = jwt.decode(encoded, public_key, algorithms='RS256')

Reading the Claimset without Validation

jwt.decode(encoded, verify=False)
{u'some': u'payload'}

Or use same secret to encode and decode the jwt, one of the approach should work. In my case I used jwt.decode(token, verify=False) because my server has already did the signature validation for me, I only need to get the claimset.




回答4:


Use the authlib library, I never managed to decode keycloak tokens with pyjwt. You need a public_key, I assume you have it.

from authlib.jose import jwt
key = '-----BEGIN PUBLIC KEY-----\n' + public_key + '\n-----END PUBLIC KEY-----'
key_binary = key.encode('ascii')

try:
    claims = jwt.decode(encoded,key_binary)
    claims.validate()
    #do some logic here
    #...

ProTip: you may grab the public key easily from your auth server (in my case Keycloak) at some endpoint:

url = 'http://localhost:8080/auth/realms/your_realm'
with  urllib.request.urlopen(url) as r:
    response = r.read()
    public_key = json.loads(response)['public_key']



回答5:


If you get this error double check your public key is exactly right, new lines are important.

key = '''-----BEGIN PUBLIC KEY-----
<main key here>
-----END PUBLIC KEY-----'''


来源:https://stackoverflow.com/questions/53337833/could-not-deserialize-key-data-on-decoding-jwt-python

标签
python
authentication
oauth
jwt
encode
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!