1

I'm trying to set up auth0 and I'm running into problems. I can get my token and when I go to jwt.io it decodes it correctly but I can't decode it with python. When I try I get this error

AuthError: ({'code': 'invalid_header', 'description': 'Unable to parse authentication token.'}, 400)

File "/usr/local/lib/python3.5/dist-packages/jose/jws.py", line 263, in _verify_signature
raise JWSSignatureError()
During handling of the above exception, another exception occurred:
File "/usr/local/lib/python3.5/dist-packages/jose/jwt.py", line 132, in decode
payload = jws.verify(token, key, algorithms, verify=verify_signature)
File "/usr/local/lib/python3.5/dist-packages/jose/jws.py", line 75, in verify
_verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/local/lib/python3.5/dist-packages/jose/jws.py", line 265, in _verify_signature
raise JWSError('Signature verification failed.')
During handling of the above exception, another exception occurred:
File "/home/mike/fullstack2/auth0/app.py", line 86, in verify_decode_jwt
issuer='https://dcadventuresonline.us.auth0.com/'
File "/usr/local/lib/python3.5/dist-packages/jose/jwt.py", line 134, in decode
raise JWTError(e)

I can get the token with this code:


@app.route('/callback')
def callback():
    payload = {'grant_type':'client_credentials',
                'client_id':'JXHzBwF6DPiXU2fBjPe1Nd7bYPC6vZ0o',
                'client_secret':'aSEqerZw31L19r9QzdcbrLBIVY3i2WD3U6Cd2kBwY0MIKWJrlMNny6A7nySzlSS1',
                'audience':'image'
                }
    request_headers = { 'content-type': "application/x-www-form-urlencoded" }

    url = "https://dcadventuresonline.us.auth0.com/oauth/token"

    response = requests.post(url=url, headers=request_headers, data=payload)
    print(response.json())
    data = response.json()
    token = data['access_token']

but I can't decode it with this code:

def verify_decode_jwt(token):
    print(token)
    jsonurl = urlopen('https://dcadventuresonline.us.auth0.com/.well-known/jwks.json')
    jwks = json.loads(jsonurl.read().decode('utf-8'))
    print(jwks)
    rsa_key = {}

    for key in jwks['keys']:
        #if key['kid'] == unverified_header['kid']:
        rsa_key = {
            'kty': key['kty'],
            'kid': key['kid'],
            'use': key['use'],
            'n': key['n'],
            'e': key['e']
            }
    if rsa_key:
        try:
            payload = jwt.decode(
                token,
                rsa_key,
                algorithms=['RS256'],
                audience='image',
                issuer='https://dcadventuresonline.us.auth0.com/'
            )

            return payload

        except jwt.ExpiredSignatureError:
            raise AuthError({
                'code': 'token_expired',
                'description': 'Token expired.'
            }, 401)

        except jwt.JWTClaimsError:
            raise AuthError({
                'code': 'invalid_claims',
                'description': 'Incorrect claims. Please, check the audience and issuer.'
            }, 401)
        except Exception:
            raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to parse authentication token.'
            }, 400)
    raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to find the appropriate key.'
            }, 400)

what is going wrong here?

jps
  • 20,041
  • 15
  • 75
  • 79
Michael Wycklendt
  • 159
  • 2
  • 11

1 Answers1

0
def verify_decode_jwt(token):
    jsonurl = urlopen(f'https://{AUTH0_DOMAIN}/.well-known/jwks.json')
    jwks = json.loads(jsonurl.read())
    unverified_header = jwt.get_unverified_header(token)
    rsa_key = {}
    if 'kid' not in unverified_header:
        raise AuthError({
            'code': 'invalid_header',
            'description': 'Authorization malformed.'
        }, 401)

    for key in jwks['keys']:
        if key['kid'] == unverified_header['kid']:
            rsa_key = {
                'kty': key['kty'],
                'kid': key['kid'],
                'use': key['use'],
                'n': key['n'],
                'e': key['e']
            }
    if rsa_key:
        try:
            payload = jwt.decode(
                token,
                rsa_key,
                algorithms=ALGORITHMS,
                audience=API_AUDIENCE,
                issuer='https://' + AUTH0_DOMAIN + '/'
            )

            return payload

        except jwt.ExpiredSignatureError:
            raise AuthError({
                'code': 'token_expired',
                'description': 'Token expired.'
            }, 401)

        except jwt.JWTClaimsError:
            raise AuthError({
                'code': 'invalid_claims',
                'description': 'Incorrect claims. Please, check the audience and issuer.'
            }, 401)
        except Exception:
            raise AuthError({
                'code': 'invalid_header',
                'description': 'Unable to parse authentication token.'
            }, 400)
    raise AuthError({
        'code': 'invalid_header',
                'description': 'Unable to find the appropriate key.'
    }, 400)
GrayXcode
  • 1
  • 1
  • 1
    Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 26 '22 at 14:15