From f7d5b6cfc66ce81734d84dc95e7723a73a2afad1 Mon Sep 17 00:00:00 2001
From: Nicolas Mowen <nickmowen213@gmail.com>
Date: Tue, 19 Aug 2025 12:39:31 -0600
Subject: [PATCH] Fix joserfc

---
 docker/main/requirements-wheels.txt |  2 +-
 frigate/api/fastapi_app.py          | 24 +++++++++++++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/docker/main/requirements-wheels.txt b/docker/main/requirements-wheels.txt
index 565b788b8..e5f5e6eec 100644
--- a/docker/main/requirements-wheels.txt
+++ b/docker/main/requirements-wheels.txt
@@ -7,7 +7,7 @@ starlette-context == 0.4.*
 fastapi[standard-no-fastapi-cloud-cli] == 0.116.*
 uvicorn == 0.35.*
 slowapi == 0.1.*
-joserfc == 1.0.*
+joserfc == 1.2.*
 cryptography == 44.0.*
 pathvalidate == 3.3.*
 markupsafe == 3.0.*
diff --git a/frigate/api/fastapi_app.py b/frigate/api/fastapi_app.py
index 1265f3af9..9da280d67 100644
--- a/frigate/api/fastapi_app.py
+++ b/frigate/api/fastapi_app.py
@@ -1,4 +1,5 @@
 import logging
+import re
 from typing import Optional
 
 from fastapi import FastAPI, Request
@@ -31,6 +32,7 @@ from frigate.embeddings import EmbeddingsContext
 from frigate.ptz.onvif import OnvifController
 from frigate.stats.emitter import StatsEmitter
 from frigate.storage import StorageMaintainer
+from joserfc.jwk import OctKey
 
 logger = logging.getLogger(__name__)
 
@@ -130,6 +132,26 @@ def create_fastapi_app(
     app.stats_emitter = stats_emitter
     app.event_metadata_updater = event_metadata_updater
     app.config_publisher = config_publisher
-    app.jwt_token = get_jwt_secret() if frigate_config.auth.enabled else None
+
+    if frigate_config.auth.enabled:
+        secret = get_jwt_secret()
+        key_bytes = None
+        if isinstance(secret, str):
+            # If the secret looks like hex (e.g., generated by secrets.token_hex), use raw bytes
+            if len(secret) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", secret or ""):
+                try:
+                    key_bytes = bytes.fromhex(secret)
+                except ValueError:
+                    key_bytes = secret.encode("utf-8")
+            else:
+                key_bytes = secret.encode("utf-8")
+        elif isinstance(secret, (bytes, bytearray)):
+            key_bytes = bytes(secret)
+        else:
+            key_bytes = str(secret).encode("utf-8")
+
+        app.jwt_token = OctKey.import_key(key_bytes)
+    else:
+        app.jwt_token = None
 
     return app