Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace pyjwkest #290

Open
jmbowman opened this issue Jan 9, 2023 · 2 comments
Open

Replace pyjwkest #290

jmbowman opened this issue Jan 9, 2023 · 2 comments
Assignees
@mumarkhan999

Comments

@jmbowman
Copy link
Contributor

jmbowman commented Jan 9, 2023

The pyjwkest package was abandoned upstream more than 3 years ago. Let's replace it with something more actively maintained. First check to see if the latest version of PyJWT (already used here) supports what we need from pyjwkest. If not, I nominate Authlib as seeming to cover the same functionality with much more usage and active maintenance, but feel free to do a quick search on PyPI or elsewhere for a better replacement.
@jmbowman jmbowman moved this to Todo in Arbi-BOM Jan 9, 2023
@jmbowman jmbowman added this to Arbi-BOM Jan 9, 2023
@jmbowman
Copy link
Contributor Author

jmbowman commented Jan 9, 2023

Maybe jpadilla/pyjwt#723 added what we need? Not sure without further digging into how this works.

@iamsobanjaved iamsobanjaved moved this from Todo to In Progress in Arbi-BOM Jan 18, 2023
@mumarkhan999 mumarkhan999 mentioned this issue Mar 16, 2023
Merged
@mumarkhan999 mumarkhan999 mentioned this issue Mar 29, 2023
Merged
This was referenced Apr 3, 2023
Closed
Closed
Closed
timmc-edx added a commit to openedx/edx-platform that referenced this issue Apr 18, 2023
@timmc-edx
feat: Add a script to enhance JWKs in preparation for move from pyjwkest
c4e9e4e 
This script accepts a signing JWK (presumably `JWT_PRIVATE_SIGNING_JWK`)
and ensures that it has all of the precomputed private numbers that are
required for top performance. This is necessary before moving away from
pyjwkest to PyJWT for signing JWTs. See issue
<openedx/edx-drf-extensions#290>. (Alternatively,
one could remove the p, q, dp, dq, and qi params, but there is an unknown
performance cost to doing so as we are not currently caching these keys,
and the precompution happens on every load due to the way pyjwkest's API
works.)
@timmc-edx timmc-edx mentioned this issue Apr 18, 2023
Merged
rgraber pushed a commit to openedx/edx-platform that referenced this issue Apr 20, 2023
@timmc-edx
feat: Add a script to enhance JWKs in preparation for move from pyjwk…
06969e6 
…est (#32089)

* feat: Add a script to enhance JWKs in preparation for move from pyjwkest

This script accepts a signing JWK (presumably `JWT_PRIVATE_SIGNING_JWK`)
and ensures that it has all of the precomputed private numbers that are
required for top performance. This is necessary before moving away from
pyjwkest to PyJWT for signing JWTs. See issue
<openedx/edx-drf-extensions#290>. (Alternatively,
one could remove the p, q, dp, dq, and qi params, but there is an unknown
performance cost to doing so as we are not currently caching these keys,
and the precompution happens on every load due to the way pyjwkest's API
works.)

* fixup! Upgrade devstack at the same time
@robrap
Copy link
Contributor

robrap commented Apr 21, 2023

Please see #333 for related discussion. I do not know if we have custom decoding code for asymmetric JWTs, or only for the symmetric JWTs.

@jmbowman jmbowman moved this from 2023 Q1 to 2023 Q3 in Platform-Core Roadmap Jul 27, 2023
This was referenced Sep 13, 2023
Merged
Merged
@mumarkhan999 mumarkhan999 mentioned this issue Nov 6, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mumarkhan999 mumarkhan999

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jmbowman @robrap @mumarkhan999