Aliz Acharya

Reputation: 1

JWE Validation Issue: Failing in Python 3.8 but Successful in Python 3.12

I’m encountering an issue with JSON Web Encryption (JWE) validation. Specifically, JWE validation fails for POST requests in Python 3.8 but succeeds when running the same code in Python 3.12. Here are the details:

Python Versions:
Python 3.8 (Fails)
Python 3.12 (Succeeds)
Library Versions:
Python 3.8 (Fails): Authlib==1.3.2, cryptography==43.0.1, requests==2.32.3
Python 3.12 (Succeeds): Authlib==1.3.2, cryptography==43.0.1, requests==2.32.3

Error message (in Python 3.8):

response.json()= {'version': '2.0', 'apiResponse': {'responseMessageId': 'd147e669-90e1-4a8e-8f5c-cf1134a02363', 'responseToRequestMessageId': '0HN6CK689JMIK:00000002', 'responseCode': 'PC-B050095', 'responseDescription': 'Invalid request received', 'responseDateTime': '2024-09-04T11:12:21.8555568Z', 'responseTime': 0, 'acquirerResponseCode': None, 'acquirerResponseDescription': None, 'eciValue': None, 'marketingDescription': "PC-B050095 : Received request is invalid: Couldn't read token: Couldn't validate JWE token"}}

Code (in both versions):

import json
import uuid
import datetime
from authlib.jose import JsonWebSignature, JsonWebEncryption, JsonWebKey
import requests

# jws_algorithm, jwe_algorithm, jwe_encryption_algorithm, token_type,
# encryption_key_id, the two PEM keys, merchant_id, order_no, access_token
# and payment_url are configuration values that are not shown in this post.

def sign_request(payload):
    # Sign the JSON payload as a compact JWS with the merchant's private key.
    jws_header = {
        "alg": jws_algorithm,
        "typ": token_type
    }
    signing_key = JsonWebKey.import_key(merchant_signing_private_key_pem, {'kty': 'RSA'})
    jws = JsonWebSignature().serialize_compact(jws_header, payload, signing_key)

    return jws

def encrypt_request(signature):
    # Wrap the compact JWS in a compact JWE for the gateway's public key.
    headers = {
        "alg": jwe_algorithm,
        "enc": jwe_encryption_algorithm,
        "kid": encryption_key_id,
        "typ": token_type
    }
    encrypting_key = JsonWebKey.import_key(paco_encryption_public_key_pem, {'kty': 'RSA'})
    jwe = JsonWebEncryption().serialize_compact(headers, signature, encrypting_key)
    return jwe

request = {
    "apiRequest": {
        "requestMessageID": str(uuid.uuid4()),
        "requestDateTime": str(datetime.datetime.now(datetime.UTC).isoformat()),
        "language": "en-US"
    },
    "officeId": merchant_id,
    "paymentType": "CC",
    "paymentCategory": "ECOM",
    "orderNo": order_no,
    "productDescription": "Merchant Test Tool " + order_no,
    "mcpFlag": "N",
    "transactionAmount": {
        "currencyCode": "NPR",
        "amount": "1",
        "decimalPlaces": 2,
        "amountText": "000000000100"
    },
    "request3dsFlag": "N",
    "autoRedirectDelayTimer": 5,
    "notificationURLs": {
        "confirmationURL": "http://localhost/hbldemo/?payment=success",
        "failedURL": "http://localhost/hbldemo/?payment=failed",
        "cancellationURL": "http://localhost/hbldemo/?payment=cancel",
        "backendURL": "http://localhost/hbldemo/?payment=backend"
    },
    "recurringPaymentDetails": {
        "rppFlag": "N"
    },
    "generalPayerDetails": {
        "personType": "General",
        "seqNo": 1,
        "personName": {
            "title": "Mr.",
            "firstName": "Merchant Test Tool User"
        }
    },
    "installmentPaymentDetails": {
        "ippFlag": "N"
    }
}
headers = {
    'Accept': 'application/jose;',
    'CompanyApiKey': access_token,
    'Content-Type': 'application/jose; charset=utf-8'
}

# `now` is not defined in the posted snippet; a timezone-aware UTC value is
# assumed here, matching the requestDateTime expression above.
now = datetime.datetime.now(datetime.UTC)

payload = {
    "request": request,
    "iss": access_token,
    "aud": "PacoAudience",
    "CompanyApiKey": access_token,
    "iat": int(now.timestamp()),
    "nbf": int(now.timestamp()),
    "exp": int((now + datetime.timedelta(hours=1)).timestamp())
}
string_payload = json.dumps(payload)

# Sign first, then encrypt the signed token (nested JWS-in-JWE).
signed_request = sign_request(payload=string_payload)
encrypted_request = encrypt_request(signature=signed_request)

response = requests.post(payment_url, data=encrypted_request, headers=headers)

However, in Python 3.8 I had to change now = datetime.datetime.utcnow() and another field in request to:

"apiRequest": {
    "requestMessageID": str(uuid.uuid4()),
    "requestDateTime": str(datetime.datetime.utcnow().isoformat()),
    "language": "en-US"
}

I tried downgrading to other versions of cryptography as well as the requests package. I also tried downgrading to another version of authlib; however, it showed a segmentation fault. I also tried constructing the JWE in this case using the cryptography module myself, and it was successful too. However, I got the same issue while constructing the JWE myself using pyjwt and cryptography.

Upvotes: 0

Views: 31
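
Added example, not part of the original post: it compares the `iat`/`nbf`/`exp` and `requestDateTime` values produced by the two ways of obtaining `now` shown above, since a naive `utcnow()` value is read as host-local time by `.timestamp()`. The fixed instant and the UTC+05:45 host offset are constructed sample values, and the post does not establish that this is what the gateway rejects.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values: a fixed instant and a host clock set to UTC+05:45.
AWARE_NOW = datetime(2024, 9, 4, 11, 12, 21, tzinfo=timezone.utc)
HOST_OFFSET = timedelta(hours=5, minutes=45)


def epoch_like_naive_timestamp(naive, host_offset):
    """Model naive.timestamp(): a naive datetime is read as host-local time."""
    return int(naive.replace(tzinfo=timezone(host_offset)).timestamp())


def time_claims(now_epoch):
    """iat/nbf/exp computed the way the question's payload computes them."""
    return {"iat": now_epoch, "nbf": now_epoch, "exp": now_epoch + 3600}


def compare(aware_now=AWARE_NOW, host_offset=HOST_OFFSET):
    # datetime.utcnow() yields the same clock fields as the aware value,
    # but with tzinfo=None.
    naive_now = aware_now.replace(tzinfo=None)
    true_epoch = int(aware_now.timestamp())
    aware = time_claims(true_epoch)
    naive = time_claims(epoch_like_naive_timestamp(naive_now, host_offset))
    return {
        "aware": aware,
        "naive": naive,
        # How far the naive variant's claims sit behind real time.
        "skew_seconds": aware["iat"] - naive["iat"],
        # True when exp is already in the past at the moment of sending.
        "naive_expired_at_send": naive["exp"] <= true_epoch,
        # The aware form carries an explicit offset; the naive form has none.
        "request_datetime_aware": aware_now.isoformat(),
        "request_datetime_naive": naive_now.isoformat(),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

On a host whose clock is set to UTC the two variants produce identical claims, so the difference only appears when the local offset is non-zero.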

Answers (0)
