I have two different software environments (Environment A and Environment B) and I'm trying to run PyJWT on both environments. It is working perfectly fine on one environment Environment A but fail on Environment B.
The error I'm getting on Environment B when I call jwt.encode() with algorithm == ES is: Algorithm not supported.
I'm trying to figure out why it works on Environment A but not Environment B. It seems like the two environments have different versions of PyJWT installed. But determining which version of PyJWT is installed on Environment B is proving difficult for me. How can I do it??
I ran the following instrumented code on both Environment A and Environment B:
import jwt, cryptography, sys, pkg_resources
my_private_key = """XXXXX"""
my_public_key = """YYYYYY"""
original = {"Hello": "World"}
print "sys.version = {}".format(str(sys.version))
try:
print "dir(jwt) = {}".format(str(dir(jwt)))
except Exception as e:
print "Failed to get dir of jwt module: {}".format(e)
try:
print "dir(cryptography) = {}".format(str(dir(cryptography)))
except Exception as e:
print "Failed to get dir of cryptography module: {}".format(e)
try:
print "jwt = {}".format(str(jwt.__version__))
except Exception as e:
print "Failed to get version of jwt module using .__version: {}".format(e)
try:
print "cryptography = {}".format(str(cryptography.__version__))
except Exception as e:
print "Failed to get version of cryptography module using .__version: {}".format(e)
try:
print "pkg_resources.require('jwt')[0].version = {}".format(str(pkg_resources.require("jwt")[0].version))
except Exception as e:
print "Failed to get version of jwt module via pkg_resources: {}".format(e)
try:
print "pkg_resources.require('cryptography')[0].version = {}".format(str(pkg_resources.require("cryptography")[0].version))
except Exception as e:
print "Failed to get version of cryptography module via pkg_resources: {}".format(e)
try:
print "original = {}".format(str(original))
encoded = jwt.encode(original, my_private_key, algorithm='ES256')
except Exception as e:
print "encoding exception = {}".format(str(e))
else:
try:
print "encoded = {}".format(str(encoded))
unencoded = jwt.decode(encoded, my_public_key, algorithms=['ES256'])
except Exception as e:
print "decoding exception = {}".format(str(e))
else:
print "unencoded = {}".format(str(unencoded))
On Environment A, the encoding succeeds:
sys.version = 2.7.12 (default, Sep 1 2016, 22:14:00)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)]
dir(jwt) = ['DecodeError', 'ExpiredSignature', 'ExpiredSignatureError', 'ImmatureSignatureError', 'InvalidAudience', 'InvalidAudienceError', 'InvalidIssuedAtError', 'InvalidIssuer', 'InvalidIssuerError', 'InvalidTokenError', 'MissingRequiredClaimError', 'PyJWS', 'PyJWT', '__author__', '__builtins__', '__copyright__', '__doc__', '__file__', '__license__', '__name__', '__package__', '__path__', '__title__', '__version__', 'algorithms', 'api_jws', 'api_jwt', 'compat', 'decode', 'encode', 'exceptions', 'get_unverified_header', 'register_algorithm', 'unregister_algorithm', 'utils']
dir(cryptography) = ['__about__', '__all__', '__author__', '__builtins__', '__copyright__', '__doc__', '__email__', '__file__', '__license__', '__name__', '__package__', '__path__', '__summary__', '__title__', '__uri__', '__version__', 'absolute_import', 'division', 'exceptions', 'hazmat', 'print_function', 'sys', 'utils', 'warnings']
jwt = 1.4.2
cryptography = 1.5.2
Failed to get version of jwt module via pkg_resources: jwt
pkg_resources.require('cryptography')[0].version = 1.5.2
original = {'Hello': 'World'}
encoded = eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJIZWxsbyI6IldvcmxkIn0.ciaXCcO2gTqsQ4JUEKj5q4YX6vfHu33XY32g2MNIVEDXHNllpuqDCj-cCrlGPf6hGNifAJbNI9kBaAyuCIwyJQ
unencoded = {u'Hello': u'World'}
On Environment B the the encoding fails. You can see that I cannot tell what version of PyJWT is running. However this version of PyJWT doesn't have the algorithm ES256 that I'm trying to use:
sys.version = 2.7.12 (default, Sep 1 2016, 22:14:00)
[GCC 4.8.3 20140911 (Red Hat 4.8.3-9)]"
dir(jwt) = ['DecodeError', 'ExpiredSignature', 'Mapping', 'PKCS1_v1_5', 'SHA256', 'SHA384', 'SHA512', '__all__', '__builtins__', '__doc__', '__file__', '__name__', '__package__', '__path__', 'base64', 'base64url_decode', 'base64url_encode', 'binascii', 'constant_time_compare', 'datetime', 'decode', 'encode', 'hashlib', 'header', 'hmac', 'json', 'load', 'signing_methods', 'sys', 'timegm', 'unicode_literals', 'verify_methods', 'verify_signature']
dir(cryptography) = ['__about__', '__all__', '__author__', '__builtins__', '__copyright__', '__doc__', '__email__', '__file__', '__license__', '__name__', '__package__', '__path__', '__summary__', '__title__', '__uri__', '__version__', 'absolute_import', 'division', 'print_function', 'sys', 'warnings']
Failed to get version of jwt module using .__version: 'module' object has no attribute '__version__'
cryptography = 1.5.2
Failed to get version of jwt module via pkg_resources: jwt
pkg_resources.require('cryptography')[0].version = 1.5.2
original = {'Hello': 'World'}
encoding exception = Algorithm not supported
The PyJWT .__version__ attribute appeared in 0.2.2 in this commit.
Generally, to find the version of the package, that was installed via setuptools, you need to run following code:
import pkg_resources
print pkg_resources.require("jwt")[0].version
If pip was used to install the package, you could try from linux shell:
pip show jwt | grep Version
Same thing from inside the python:
import pip
print next(pip.commands.show.search_packages_info(['jwt']))['version']