Djangorestframework-simplejwt: Simple jwt breaks when Secret Key is put into environment variable on Google App Engine

Created on 31 May 2021  路  3Comments  路  Source: jazzband/djangorestframework-simplejwt

In a project hosted on Google App Engine, I receive this error message as soon as I put the secret key into an environment variable and try to create a secret key at the jwt/create endpoint:

TypeError at /api/v1/auth/jwt/create/ Expected a string value

The key is stored in the apps yaml file as SECRET_KEY_ENV and loaded in Django's settings file like this:

SECRET_KEY = str(os.environ["SECRET_KEY_ENV"]),

The Database environment variables are loaded in exactly the same manner and everything is working fine.

The first time the key pops up in the error message is in this file:

/layers/google.python.pip/pip/lib/python3.9/site-packages/jwt/api_jwt.py, line 63, in encode

and in this form:

key : ('ai0eobey86soimfxb6ax4uqdmo49yiauxchgnspsh',)

from there he gets passed on to:

/layers/google.python.pip/pip/lib/python3.9/site-packages/jwt/api_jws.py, line 110, in encode
/layers/google.python.pip/pip/lib/python3.9/site-packages/jwt/algorithms.py, line 180, in prepare_key
/layers/google.python.pip/pip/lib/python3.9/site-packages/jwt/utils.py, line 21, in force_bytes

without being changed and the last file "utils.py"is the one raising the error message. I have tried changing the variable name, removing special characters from the key, moving the definition around inside the settings file, nothing works. As soon as I put it back into cleartext, it works fine but I can't keep doing that for obvious security reasons.

How can I fix this? Thanks and BR

question

All 3 comments

Probably because you set the key to be a tuple: key : ('your_key' , ). Notice that , is creating that tuple. Notice how you set it: SECRET_KEY = str(os.environ["SECRET_KEY_ENV"]), see that ,? Remove it and it should work!

Hope that helps (closing since this is not really simplejwt's problem; just a misconfig between your local and prod environment)!

It threw me off that Django handled it and showed the Secret key as string in the debug window while it was JWT that threw the error message in the end. Removing the colon fixed it. Thank you Andrew!

Was this page helpful?
0 / 5 - 0 ratings