Has anyone tried to parse the nested JWT, JWS + JWE, produced by CAS 5.x? If so, would you mind posting a snippet please? I've read that the python-jose library can check signatures but not decrypt the payload. Been trying to use jwcrypto but can't seem to get the steps put together in the correct order. Admittedly, I am very new to Python and may be just making newbie mistakes.
My understanding is the JWT from CAS is header + encrypted payload with signature of these two combined, then all base64 encoded.

Using this doc showing Java decode/decrypt as a guide: https://apereo.github.io/cas/development/installation/Configure-ServiceTicket-JWT.html#jwt-validation---aes

Our CAS settings are as follows, keys omitted below.

    cas.authn.token.crypto.signing.keySize=512
    cas.authn.token.crypto.encryption.keySize=256
    cas.authn.token.crypto.alg=AES
    cas.authn.token.crypto.enabled=true
    cas.authn.token.crypto.encryptionEnabled=true

My feeble attempts so far look something like this:

    import base64
    from jwcrypto import jwk, jwe, jws, jwt
    from jwcrypto.common import json_encode, json_decode

    token = 'eyJhbGciOiJIUzUxMiJ9.ZX....'  # the base64 jwt
    signKey = jwk.JWK(kty='oct', k=signkeyStr)
    encKey = jwk.JWK(kty='oct', k=enckeyStr)

    E = jwe.JWE()
    # deserialize and decrypt
    E.deserialize(token)
    E.decrypt(encKey)
    raw_payload = E.payload

Which results in:

    ........
      File "/usr/local/Cellar/python/3.7.1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/json/__init__.py", line 348, in loads
        return _default_decoder.decode(s)
      File "/usr/local/Cellar/python/3.7.1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/json/decoder.py", line 337, in decode
        obj, end = self.raw_decode(s, idx=_w(s, 0).end())
      File "/usr/local/Cellar/python/3.7.1/Frameworks/Python.framework/Versions/3.7/lib/python3.7/json/decoder.py", line 355, in raw_decode
        raise JSONDecodeError("Expecting value", s, err.value) from None
    json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
    ........
    jwcrypto.jwe.InvalidJWEData: Unknown Data Verification Failure
    ........
    jwcrypto.jwe.InvalidJWEData: Invalid format {InvalidJWEData('Unknown Data Verification Failure')}

Thanks,
William
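The layering described in the message above (signature on the outside, encrypted payload inside), as an added stdlib-only example that is not part of the original post and is not CAS or jwcrypto code. It verifies the outer HS512 layer, whose header segment `eyJhbGciOiJIUzUxMiJ9` decodes to `{"alg":"HS512"}`, and only then reads the header of the inner compact JWE; the actual decryption is left to a JWE library. Assumptions: the signing key is used as raw bytes, the inner JWE may or may not be base64-wrapped once more, and the key and the JWE header values in the sample are constructed.

```python
import base64, hashlib, hmac, json

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_outer_jws(token: str, signing_key: bytes) -> bytes:
    """Verify the outer HS512 JWS and return its decoded payload bytes."""
    parts = token.split(".")
    if len(parts) != 3:  # compact JWS has 3 segments, compact JWE has 5
        raise ValueError(f"expected 3 segments (JWS), got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS512":  # pin the algorithm, do not trust the header
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(signing_key, signed, hashlib.sha512).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("signature mismatch")
    return b64url_decode(parts[1])

def inner_jwe_header(payload: bytes) -> dict:
    """Return the protected header of the inner compact JWE (5 segments)."""
    candidates = [payload]
    try:  # assumption: the inner JWE may be base64-wrapped once more
        candidates.append(base64.b64decode(payload, validate=True))
    except ValueError:
        pass
    for cand in candidates:
        segs = cand.split(b".")
        if len(segs) == 5:
            return json.loads(b64url_decode(segs[0].decode()))
    raise ValueError("payload is not a compact JWE")

# Constructed sample: fake key, dummy IV/ciphertext/tag, hypothetical JWE header.
DEMO_KEY = b"constructed-demo-signing-key"

def build_demo_token(key: bytes = DEMO_KEY, wrap: bool = True) -> str:
    jwe_hdr = b64url_encode(json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode())
    jwe = ".".join([jwe_hdr, "", b64url_encode(b"iv"), b64url_encode(b"ct"), b64url_encode(b"tag")])
    body = base64.b64encode(jwe.encode()) if wrap else jwe.encode()
    head = b64url_encode(b'{"alg":"HS512"}')
    signing_input = f"{head}.{b64url_encode(body)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha512).digest()
    return f"{signing_input}.{b64url_encode(sig)}"
```

A token that fails the three-segment check or the signature check is rejected before any part of its payload is parsed, so nothing unauthenticated reaches the decryption step.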
