I am trying to perform jwt.encode
on a small request message with a private key that I am retrieving from DynamoDB. My work station is Mac OS.
The code works in my local environment but failed when I tried to execute it in AWS lambda python3.7 environment. Any suggestions on how to solve this issue?
{
"errorMessage": "Invalid PKCS8 header",
"errorType": "JWSError",
"stackTrace": [
" File \"/var/task/lambda_function.py\", line 228, in lambda_handler\n response = send_request(url, body=body)\n",
" File \"/var/task/lambda_function.py\", line 67, in send_request\n token = _gen_jwt(private_key)\n",
" File \"/var/task/lambda_function.py\", line 52, in _gen_jwt\n token = jwt.encode(payload, private_key, algorithm='RS256', headers=headers)\n",
" File \"/var/task/jose/jwt.py\", line 61, in encode\n return jws.sign(claims, key, headers=headers, algorithm=algorithm)\n",
" File \"/var/task/jose/jws.py\", line 47, in sign\n signed_output = _sign_header_and_claims(encoded_header, encoded_payload, algorithm, key)\n",
" File \"/var/task/jose/jws.py\", line 168, in _sign_header_and_claims\n raise JWSError(e)\n"
]
}
This issue was resolved after I rebuild my lambda package within a Linux environment and redeploy to AWS Lambda.
I created a docker image from python3.7.4 and deploy the package to lambda from within the container.
This solution also solves the issue:
ImportError: /var/task/cryptography/hazmat/bindings/_constant_time.so: invalid ELF header
According to https://github.com/pyca/cryptography/issues/3051