Closed
Bug 1073589
Opened 10 years ago
Closed 8 years ago
Use pyjwkest for all JWT tasks
Categories
(Marketplace Graveyard :: Code Quality, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: ashort, Unassigned)
Details
(Whiteboard: [repoman][marketplace-transition])
this will let us drop M2Crypto, for one thing.
Comment 1•10 years ago
|
||
How so? The pyjwkest docs don't say that it supports RSA signing which is what we needed m2crypto for. "This is Mozilla's fork of PyJWT which adds RSA algorithms, fixes some timing attacks, and makes a few other adjustments." ~ https://github.com/rtilder/pyjwt
Reporter | ||
Comment 2•10 years ago
|
||
Hmm, it has jwkest.jwk.RSAKey, which supports signing etc. I didn't look at the docs.
Comment 3•10 years ago
|
||
it doesn't really have docs :) Well, that may work. We just need RSA signing for receipts.
Comment 4•10 years ago
|
||
if the code is based on PyJWT we should also check it for the timing attack: https://github.com/rtilder/pyjwt/commit/02956549b59da49d9e785164f1115ff4194e9375
Updated•10 years ago
|
Priority: -- → P3
Comment 5•10 years ago
|
||
(In reply to Allen Short [:ashort] from comment #0) > this will let us drop M2Crypto, for one thing. yesss
Updated•10 years ago
|
Assignee: nobody → kumar.mcmillan
Comment 6•10 years ago
|
||
Unassigning some repoman stuff until desktop payments is stable
Assignee: kumar.mcmillan → nobody
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Whiteboard: [repoman] → [repoman][marketplace-transition]
You need to log in
before you can comment on or make changes to this bug.
Description
•