Closed
Bug 1073589
Opened 10 years ago
Closed 8 years ago
Use pyjwkest for all JWT tasks
Categories
(Marketplace Graveyard :: Code Quality, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: ashort, Unassigned)
Details
(Whiteboard: [repoman][marketplace-transition])
this will let us drop M2Crypto, for one thing.
|
||
Comment 1•10 years ago
|
||
How so? The pyjwkest docs don't say that it supports RSA signing which is what we needed m2crypto for. "This is Mozilla's fork of PyJWT which adds RSA algorithms, fixes some timing attacks, and makes a few other adjustments." ~ https://github.com/rtilder/pyjwt
|
Reporter | |
Comment 2•10 years ago
|
||
Hmm, it has jwkest.jwk.RSAKey, which supports signing etc. I didn't look at the docs.
|
|
||
Comment 3•10 years ago
|
||
it doesn't really have docs :) Well, that may work. We just need RSA signing for receipts.
|
|
||
Comment 4•10 years ago
|
||
if the code is based on PyJWT we should also check it for the timing attack: https://github.com/rtilder/pyjwt/commit/02956549b59da49d9e785164f1115ff4194e9375
|
||
Updated•10 years ago
|
Priority: -- → P3
|
||
Comment 5•10 years ago
|
||
(In reply to Allen Short [:ashort] from comment #0) > this will let us drop M2Crypto, for one thing. yesss
|
|
||
Updated•10 years ago
|
Assignee: nobody → kumar.mcmillan
|
|
||
Comment 6•10 years ago
|
||
Unassigning some repoman stuff until desktop payments is stable
Assignee: kumar.mcmillan → nobody
|
||
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Whiteboard: [repoman] → [repoman][marketplace-transition]
You need to log in
before you can comment on or make changes to this bug.
Description
•