JWT authentication is broken when used with pyJWT 2.x
Describe the bug
If your project includes the jira library and version 2.x or higher of the pyjwt library, then authentication using JWT breaks because the return type of an encoded JWT token has changed from byte string to regular string. More specifically, this breaks in requests_jwt, one of jira's other dependencies. However, that package is no longer being maintained and jira can specify the version of pyjwt it requires.
To Reproduce
Steps to reproduce the behavior:
- Define a dependency of the latest versions of jira and pyjwt libraries for your project (I know this is terrible practice, but this is how we discovered it), e.g. in a Pipfile
  ```toml
  [packages]
  jira = "*"
  pyjwt = "*"
  ```
- Try to authenticate a connection with JIRA using JWT
  ```python
  from jira import JIRA

  # JIRA_INSTANCE is the URL of your Jira instance
  jwt_auth = {
      'secret': 'my_shared_secret',
      'payload': {
          'iss': 'my_customer_key'
      }
  }
  jira_client = JIRA(server=JIRA_INSTANCE, jwt=jwt_auth)
  ```
- An exception gets thrown from requests_jwt
Expected behavior
No exception gets thrown and the JIRA connection is authenticated.
Stack Trace
```
  File "/home/hnguyen/repos/my-project/./src/integrations/jira.py", line 123, in _enable_jwt_auth
    self.jira = JIRA(server=self.JIRA_INSTANCE, jwt=jwt_auth)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/jira/client.py", line 506, in __init__
    si = self.server_info()
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/jira/client.py", line 2551, in server_info
    j = self._get_json("serverInfo")
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/jira/client.py", line 3139, in _get_json
    r = self._session.get(url, params=params)
  File "/home/hnguyen/.local/share/virtualenvs/my-projecti-Wnn7ZrcD/lib/python3.8/site-packages/jira/resilientsession.py", line 172, in get
    return self.__verb("GET", url, **kwargs)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/jira/resilientsession.py", line 143, in __verb
    response = method(url, timeout=self.timeout, **kwargs)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/requests/sessions.py", line 555, in get
    return self.request('GET', url, **kwargs)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/requests/sessions.py", line 528, in request
    prep = self.prepare_request(req)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/requests/sessions.py", line 456, in prepare_request
    p.prepare(
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/requests/models.py", line 320, in prepare
    self.prepare_auth(auth, url)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/requests/models.py", line 551, in prepare_auth
    r = auth(self)
  File "/home/hnguyen/.local/share/virtualenvs/my-project-Wnn7ZrcD/lib/python3.8/site-packages/requests_jwt.py", line 166, in __call__
    request.headers['Authorization'] = self._header_format % token.decode('ascii')
AttributeError: 'str' object has no attribute 'decode'
```
Version Information
Type of Jira instance:
- [X] Jira Cloud (Hosted by Atlassian)
- [ ] Jira Server or Data Center (Self-hosted)
Additional context
Workaround is, obviously, pin pyjwt to v1.x in your project. However, the way that jira's package dependencies are configured, there is no way for it to warn you if you decide to use the latest version of pyjwt in your project, whether explicitly or out of carelessness.
Might be related to the requirements.txt change last month with 37055fda603b979527f4a50c3d883a6d1ed663c9
Might also be related to #1068
Quick SO search showed this: https://stackoverflow.com/a/68277540/2559785
Can you check and, if fixed, close the issue?
I've raised a pull request in the package dependency to address this https://github.com/tgs/requests-jwt/pull/7.
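The failure in the stack trace, reproduced without installing either library, beside a form that accepts both return types and a start-up check for the unpinned dependency. This is an added example, not code from the thread, from jira, or from requests_jwt; the function names, `SAMPLE_FORMAT` and `SAMPLE_TOKEN` are constructed for illustration.

```python
from importlib import metadata

# Constructed sample values: not a real token, and the header format is an assumption.
SAMPLE_FORMAT = 'JWT token="%s"'
SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.e30.c2ln"


def header_as_in_traceback(header_format, token):
    """Same expression as the last frame of the trace: works for bytes only."""
    return header_format % token.decode("ascii")


def header_tolerant(header_format, token):
    """Accept bytes (pyjwt 1.x) or str (pyjwt 2.x) as the encoded JWT."""
    if isinstance(token, bytes):
        token = token.decode("ascii")
    elif not isinstance(token, str):
        raise TypeError("encoded JWT must be bytes or str, got %s" % type(token).__name__)
    if not token.isascii():
        # A compact JWT is base64url segments joined by dots, so it is always ASCII.
        raise ValueError("encoded JWT must be ASCII")
    return header_format % token


def pyjwt_problem(version_of=metadata.version):
    """Return a message if the installed pyjwt is 2.x or later, else None.

    version_of is injectable so the check can be exercised without installing
    pyjwt; by default it reads the installed distribution's metadata.
    """
    try:
        major = int(version_of("pyjwt").split(".")[0])
    except metadata.PackageNotFoundError:
        return None
    if major >= 2:
        return "pyjwt %d.x encodes tokens as str; pin pyjwt to v1.x" % major
    return None


if __name__ == "__main__":
    print(header_tolerant(SAMPLE_FORMAT, SAMPLE_TOKEN.encode("ascii")))
    print(header_tolerant(SAMPLE_FORMAT, SAMPLE_TOKEN))
    print(pyjwt_problem() or "installed pyjwt is 1.x or absent")
```

Calling `pyjwt_problem()` at application start-up surfaces the mismatch before the first authenticated request instead of inside `requests`' auth hook.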