Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace python-jose dependency #565

Open
Jipje opened this issue May 2, 2024 · 2 comments · May be fixed by #566
Open

Replace python-jose dependency #565

Jipje opened this issue May 2, 2024 · 2 comments · May be fixed by #566
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@Jipje
Copy link

Jipje commented May 2, 2024
edited
Loading

A vulnerability has been found in the ecdsa dependency which will not be patched in the python-jose package. python-jose seems to be abandoned. Other people are also encountering these security issues.

I suggest to update authenticating-users/main.py to not use this insecure package. A commonly used alternative is PyJWT.
@Jipje
Copy link
Author

Jipje commented May 2, 2024

Further searching also shows that GoogleCloudPlatform/python-docs-samples/iap/validate_jwt.py could contain a potential solution

@Jipje Jipje linked a pull request May 2, 2024 that will close this issue
Open
@vchudnov-g vchudnov-g added type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. labels May 20, 2024
@vchudnov-g
Copy link

Thanks for reporting this issue! We'll address it promptly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace python-jose with google alternative Jipje/getting-started-python
2 participants
@vchudnov-g @Jipje