Attribute Error '_RSAPrivateKey' object has no attribute 'verifier' on successful authentication #365

Open
RafterGit opened this issue Aug 2, 2020 · 1 comment

Comments

@RafterGit

Hello,

I'm currently testing my local environment against an OIDC provider. Via Postman, I am able to confirm that all of these endpoints are correct, and I'm able to hit the USER_INFO endpoint with a bearer token created by the provider.

However, though I'm able to see in the logs that my service is using mozilla_django_oidc and successfully getting a response from the USER_INFO endpoint (JSON response with user profile info, etc.), my application stops on this error:

Exception Type: AttributeError
Exception Type: '_RSAPrivateKey' object has no attribute 'verifier'
Exception Location: /usr/local/lib/python3.8/site-packages/josepy/util.py in __getattr__, line 93
--


I've configured the following in my settings.py:

    OIDC_OP_AUTHORIZATION_ENDPOINT = os.environ['OIDC_OP_AUTHORIZATION_ENDPOINT']
    OIDC_OP_TOKEN_ENDPOINT = os.environ['OIDC_OP_TOKEN_ENDPOINT']
    OIDC_OP_USER_ENDPOINT = os.environ['OIDC_OP_USER_ENDPOINT']
    LOGIN_REDIRECT_URL = '/'
    LOGOUT_REDIRECT_URL = '/'
    OIDC_DRF_AUTH_BACKEND = 'mozilla_django_oidc.auth.OIDCAuthenticationBackend'
    OIDC_RP_SIGN_ALGO = 'RS256'
    OIDC_RP_CLIENT_ID = os.environ['OIDC_RP_CLIENT_ID']
    # not needed by provider
    OIDC_RP_CLIENT_SECRET = ''
    OIDC_RP_IDP_SIGN_KEY = os.environ['PRIVATE_KEY']
    OIDC_OP_JWKS_ENDPOINT = os.environ['OIDC_OP_JWKS_ENDPOINT']

--

    MIDDLEWARE = (
        ...
        'mozilla_django_oidc.middleware.SessionRefresh',
    )
    REST_FRAMEWORK = {
        ...
        'DEFAULT_AUTHENTICATION_CLASSES': (
            'mozilla_django_oidc.contrib.drf.OIDCAuthentication',
        )
    }
    AUTHENTICATION_BACKENDS = (
        'mozilla_django_oidc.auth.OIDCAuthenticationBackend',
    )

and my requirements.txt:

python_jwt==3.2.6
mozilla-django-oidc==1.2.3
djangorestframework==3.11.0
Django==3.0.8
django-configurations==2.2

Looking this up, those who've come across similar issues have suggested I use my public cert in lieu of my private cert. Switching the OIDC_RP_IDP_SIGN_KEY setting to use my public cert results in the following error:

Exception Value: | 'bytes' object has no attribute 'verifier'
Exception Type: /usr/local/lib/python3.8/site-packages/josepy/jwa.py in verify, line 134
Exception Location: /usr/local/bin/python

@JulienFS

If you are using the OIDC_OP_JWKS_ENDPOINT endpoint then you probably don't need the OIDC_RP_IDP_SIGN_KEY. The endpoint is used to fetch the public key. And indeed OIDC_RP_IDP_SIGN_KEY should contain your OIDC provider's public key.
Be careful with the format of the key: it's sensitive and defaults to a byte-like key, which in turn fails: #505 (comment)
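
An added example, not part of the issue thread and not mozilla-django-oidc's own code: a stdlib-only preflight check for the settings discussed above, flagging a private key placed in OIDC_RP_IDP_SIGN_KEY and a sign key configured alongside OIDC_OP_JWKS_ENDPOINT. The function names and finding codes are hypothetical, and the PEM-shaped sample is constructed, not real key material.

```python
import base64
import re

# PEM armor: -----BEGIN <label>-----, base64 body, -----END <label>-----
_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.DOTALL)


def classify_key_material(value):
    """Classify a PEM str/bytes as 'private', 'public', 'certificate' or 'unknown'."""
    if isinstance(value, bytes):
        value = value.decode("ascii", errors="replace")
    match = _PEM_RE.search(value or "")
    if not match:
        return "unknown"
    label, body = match.groups()
    try:
        base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown"
    if label.endswith("PRIVATE KEY"):
        return "private"
    if label.endswith("PUBLIC KEY"):
        return "public"
    return "certificate" if label == "CERTIFICATE" else "unknown"


def check_oidc_settings(settings):
    """Return (code, message) findings for the key settings named in this issue."""
    findings = []
    key = settings.get("OIDC_RP_IDP_SIGN_KEY")
    if not settings.get("OIDC_RP_SIGN_ALGO", "").startswith("RS") or not key:
        return findings
    kind = classify_key_material(key)
    if kind == "private":
        findings.append(("private-key", "OIDC_RP_IDP_SIGN_KEY holds a private key; "
                         "the provider's public key belongs here"))
    elif kind == "unknown":
        findings.append(("unrecognized-format", "OIDC_RP_IDP_SIGN_KEY is not parseable PEM"))
    if settings.get("OIDC_OP_JWKS_ENDPOINT"):
        findings.append(("redundant-with-jwks", "JWKS endpoint is set; "
                         "OIDC_RP_IDP_SIGN_KEY is probably not needed"))
    return findings


def constructed_pem(label):
    """Build a PEM-shaped placeholder (constructed sample, not real key material)."""
    body = base64.b64encode(b"constructed placeholder, not key material").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"
```

Run against a dict of the settings values before deployment; a configuration shaped like the one in the issue yields both the `private-key` and `redundant-with-jwks` findings.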
