Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Could not deserialize key data on decoding JWT python

I am using pyjwt library for decoding the JWT token. I got this error when I am decoding. The code was given in the documantation.

import jwt

encoded_jwt='''eyJ0eXAiOiJKV1QiLCJhbG......'''
secret=b''''-----BEGIN PUBLIC KEY-----
MIIFRjCCBC6gAwIBAgIQCIdSGhpikQCjOIY154XoqzANBgkqhkiG9w0BAQsFADBN
......
-----END PUBLIC KEY-----'''

print(jwt.decode(encoded_jwt, secret , algorithms=['RS256']))

raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data.

Could You please help me in resolving it beacuse when I use this it in the JWT website it's working.

This is the full error log..

Traceback (most recent call last): File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/algorithms.py", line 205, in prepare_key key = load_pem_private_key(key, password=None, backend=default_backend()) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/primitives/serialization.py", line 20, in load_pem_private_key return backend.load_pem_private_key(data, password) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1014, in load_pem_private_key password, File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1233, in _load_key self._handle_key_loading_error() File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1291, in _handle_key_loading_error raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data.

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/home/sathiyakugan/PycharmProjects/JWTsample/sample.py", line 45, in print(jwt.decode(encoded_jwt, secret , algorithms=['RS256'])) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/api_jwt.py", line 93, in decode jwt, key=key, algorithms=algorithms, options=options, **kwargs File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/api_jws.py", line 157, in decode key, algorithms) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/api_jws.py", line 221, in _verify_signature key = alg_obj.prepare_key(key) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/jwt/algorithms.py", line 207, in prepare_key key = load_pem_public_key(key, backend=default_backend()) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/primitives/serialization.py", line 24, in load_pem_public_key return backend.load_pem_public_key(data) File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1040, in load_pem_public_key self._handle_key_loading_error() File "/home/sathiyakugan/PycharmProjects/Python/venv/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1291, in _handle_key_loading_error raise ValueError("Could not deserialize key data.") ValueError: Could not deserialize key data.

Process finished with exit code 1

like image 429
Balakrishnan Sathiyakugan Avatar asked Nov 16 '18 12:11

Balakrishnan Sathiyakugan


People also ask

Could not deserialize key data The data may be in an?

The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.


3 Answers

Use the authlib library, I never managed to decode keycloak tokens with pyjwt. You need a public_key, I assume you have it.

from authlib.jose import jwt
key = '-----BEGIN PUBLIC KEY-----\n' + public_key + '\n-----END PUBLIC KEY-----'
key_binary = key.encode('ascii')

try:
    claims = jwt.decode(encoded,key_binary)
    claims.validate()
    #do some logic here
    #...

ProTip: you may grab the public key easily from your auth server (in my case Keycloak) at some endpoint:

url = 'http://localhost:8080/auth/realms/your_realm'
with  urllib.request.urlopen(url) as r:
    response = r.read()
    public_key = json.loads(response)['public_key']
like image 100
Tamás Panyi Avatar answered Oct 17 '22 12:10

Tamás Panyi


Its a good idea to use your RSA keys with OpenSSL:

openssl genrsa -out jwt-key 4096
openssl rsa -in jwt-key -pubout > jwt-key.pub

Reference: link

like image 37
Javad Asoodeh Avatar answered Oct 17 '22 11:10

Javad Asoodeh


There are some issues in the pyjwt library. and you must get the public key from the certificate.

I used openssl x509 -pubkey -noout -in cert.pem > pubkey.pem

then from the public key I could easily decode it using authlib library.

from authlib.specs.rfc7519 import jwt

encoded_jwt='''eyJ0eXAiOiJ....'''
secret=b'''-----BEGIN PUBLIC KEY-----
......
-----END PUBLIC KEY-----'''
claims = jwt.decode(encoded_jwt, secret)
print(claims)
like image 10
Balakrishnan Sathiyakugan Avatar answered Oct 17 '22 13:10

Balakrishnan Sathiyakugan