How to verify a JWT using python PyJWT with a public PEM cert?
-
I recently upgraded from PyJWT 0.4.1 to 1.0.1 and I can't figure out how to verify a JWT signed with a public key. My code looks like this:

    import jwt

    cert_string = "-----BEGIN CERTIFICATE-----\nMIICITCCAYqgAwIBAgIIBEsUSxL..."
    token_string = "eyJhbGciOiJSUzI1NiIsImtpZCI6I..."

    jwt.decode(token_string, cert_string, algorithms=['RS256'])

The error I get is:

    File "<stdin>", line 1, in <module>
    File "~/.virtualenvs/project/lib/python2.7/site-packages/jwt/api.py", line 117, in decode
      key, algorithms, **kwargs)
    File "~/.virtualenvs/project/lib/python2.7/site-packages/jwt/api.py", line 176, in _verify_signature
      key = alg_obj.prepare_key(key)
    File "~/.virtualenvs/project/lib/python2.7/site-packages/jwt/algorithms.py", line 165, in prepare_key
      key = load_pem_public_key(key, backend=default_backend())
    File "~/.virtualenvs/project/lib/python2.7/site-packages/cryptography/hazmat/primitives/serialization.py", line 24, in load_pem_public_key
      return backend.load_pem_public_key(data)
    File "~/.virtualenvs/project/lib/python2.7/site-packages/cryptography/hazmat/backends/multibackend.py", line 285, in load_pem_public_key
      return b.load_pem_public_key(data)
    File "~/.virtualenvs/project/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 716, in load_pem_public_key
      self._handle_key_loading_error()
    File "~/.virtualenvs/project/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 912, in _handle_key_loading_error
      raise ValueError("Could not unserialize key data.")
    ValueError: Could not unserialize key data.

I'm confident my cert_string and token are good. The following code runs OK:

    from cryptography.x509 import load_pem_x509_certificate
    from cryptography.hazmat.backends import default_backend

    load_pem_x509_certificate(cert_string, default_backend())

My code that used to work with 0.4.1 looked like this:

    # PyCrypto / standard-library imports this snippet relies on
    from binascii import a2b_base64
    from Crypto.PublicKey import RSA
    from Crypto.Util.asn1 import DerSequence

    # Strip the PEM armor lines and base64-decode the body to DER
    cert_string = "".join(cert_string.strip().split("\n")[1:-1])
    der = a2b_base64(cert_string)

    # Walk the certificate's ASN.1 structure down to subjectPublicKeyInfo
    cert = DerSequence()
    cert.decode(der)
    tbsCertificate = DerSequence()
    tbsCertificate.decode(cert[0])
    subjectPublicKeyInfo = tbsCertificate[6]

    pub_key = RSA.importKey(subjectPublicKeyInfo)
    jwt.decode(token_string, pub_key)

Any help would be appreciated.
-
Answer:
You need to pass the public key instead of the full certificate to the decode method. So extract the key from the certificate in order to use it as in:

    from cryptography.x509 import load_pem_x509_certificate
    from cryptography.hazmat.backends import default_backend

    # load_pem_x509_certificate expects the PEM data as bytes
    cert_str = b"-----BEGIN CERTIFICATE-----MIIDETCCAfm..."
    cert_obj = load_pem_x509_certificate(cert_str, default_backend())
    public_key = cert_obj.public_key()

and then:

    import jwt

    token_string = "eyJhbGciOiJSUzI1NiIsImtpZCI6I..."
    jwt.decode(token_string, public_key, algorithms=['RS256'])
Lee at Stack Overflow
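The fix from the answer as a self-contained run, added here as an example (it is not code from the question or from Lee's answer). It assumes PyJWT 2.x and cryptography 3.1 or later; the keys, the self-signed certificate, the "issuer.example" name and the helper names make_self_signed_cert, decode_with_cert and demo are constructed for illustration.

```python
import datetime
import jwt  # PyJWT
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_self_signed_cert(key, cn="issuer.example"):
    """Constructed fixture: PEM self-signed certificate wrapping key's public half."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return cert.public_bytes(serialization.Encoding.PEM)


def decode_with_cert(token, cert_pem):
    """Verify an RS256 token against the public key carried in a PEM certificate."""
    public_key = x509.load_pem_x509_certificate(cert_pem).public_key()
    # Pin the accepted algorithm; do not take it from the token header.
    return jwt.decode(token, public_key, algorithms=["RS256"])


def demo():
    signer = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    cert_pem = make_self_signed_cert(signer)
    good = jwt.encode({"sub": "alice"}, signer, algorithm="RS256")
    forged = jwt.encode({"sub": "alice"}, other, algorithm="RS256")
    results = {"claims": decode_with_cert(good, cert_pem)}
    try:  # token signed by a key the certificate does not contain
        decode_with_cert(forged, cert_pem)
        results["wrong_key"] = "accepted"
    except jwt.InvalidSignatureError:
        results["wrong_key"] = "rejected"
    try:  # the asker's call: whole certificate PEM passed as the key
        jwt.decode(good, cert_pem, algorithms=["RS256"])
        results["cert_as_key"] = "accepted"
    except (ValueError, jwt.exceptions.InvalidKeyError):
        results["cert_as_key"] = "rejected"
    return results
```

Note that public_key() only extracts the key: it does not check the certificate's validity period or issuer, so the certificate has to come from a source that is already trusted.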