Fix joserfc

docker/main/requirements-wheels.txt

@@ -7,7 +7,7 @@ starlette-context == 0.4.*
 fastapi[standard-no-fastapi-cloud-cli] == 0.116.*
 uvicorn == 0.35.*
 slowapi == 0.1.*
-joserfc == 1.0.*
+joserfc == 1.2.*
 cryptography == 44.0.*
 pathvalidate == 3.3.*
 markupsafe == 3.0.*

frigate/api/fastapi_app.py

@@ -1,4 +1,5 @@
 import logging
+import re
 from typing import Optional
 
 from fastapi import FastAPI, Request
@@ -31,6 +32,7 @@ from frigate.embeddings import EmbeddingsContext
 from frigate.ptz.onvif import OnvifController
 from frigate.stats.emitter import StatsEmitter
 from frigate.storage import StorageMaintainer
+from joserfc.jwk import OctKey
 
 logger = logging.getLogger(__name__)
 
@@ -130,6 +132,26 @@ def create_fastapi_app(
     app.stats_emitter = stats_emitter
     app.event_metadata_updater = event_metadata_updater
     app.config_publisher = config_publisher
-    app.jwt_token = get_jwt_secret() if frigate_config.auth.enabled else None
+
+    if frigate_config.auth.enabled:
+        secret = get_jwt_secret()
+        key_bytes = None
+        if isinstance(secret, str):
+            # If the secret looks like hex (e.g., generated by secrets.token_hex), use raw bytes
+            if len(secret) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", secret or ""):
+                try:
+                    key_bytes = bytes.fromhex(secret)
+                except ValueError:
+                    key_bytes = secret.encode("utf-8")
+            else:
+                key_bytes = secret.encode("utf-8")
+        elif isinstance(secret, (bytes, bytearray)):
+            key_bytes = bytes(secret)
+        else:
+            key_bytes = str(secret).encode("utf-8")
+
+        app.jwt_token = OctKey.import_key(key_bytes)
+    else:
+        app.jwt_token = None
 
     return app