Assistance Needed with InvalidKeyError in Retool Python Integration

Dear Retool Support Team,

I hope this message finds you well.

I am currently in the process of setting up a simple workflow in Retool using Python to connect to a third-party service via the Fireblocks SDK. The issue I’m encountering is a parsing error with the public key, as indicated by the error message:

InvalidKeyError: Could not parse the provided public key.

Interestingly, this exact code works flawlessly when executed in my local Jupyter notebook environment. I have attached a screenshot of the error message for your reference.

Given that the code itself seems to be correct, I suspect the issue might be specific to the Retool environment or its handling of the public key. Could you please advise on how to troubleshoot or debug this issue further within Retool? Are there any environment-specific configurations or additional steps I should take to ensure the key is correctly parsed?

Thank you in advance for your assistance. I’m looking forward to your guidance on resolving this issue.

Best regards,
Roger Launay

Does anything show up in your log when you try to print() the API key? Where is FIREBLOCKS_API_KEY defined? Do you mean to reference retoolContext.configVars.FIREBLOCKS_API_KEY (a stored configuration variable)?

Hi, yes, in the debug log console the API key appears when I run the function to print the API key. In any case, I also tried to send the API key directly as text, but the same issue is faced.

The same code works on Jupyter Notebook.

And FIREBLOCKS_API_KEY is defined in the environment variable script of Retool.

Hi Jg80,
In my "setup script" I have the credentials saved in text, as a Python variable.

Though when I try the 2 basic authentication ways of Fireblocks, both don't work on the code element :slight_smile:

It's a very simple instruction; I don't understand why it doesn't work. But again, it works fine on my Jupyter notebook.
How can I debug this public key issue in more detail?

I've tried different approaches to authenticate, but it seems the error comes from a bug on the Retool side, as the same code works fine on Jupyter Notebook but not in a Retool workflow. I've managed to drill down the problem into the code below: even though it doesn't authenticate, it shoots back the error: InvalidKeyError: Could not parse the provided public key.

Any help would be greatly appreciated, thanks.

```python
import json
import math
import secrets
import time
from hashlib import sha256

import jwt


class FireblocksRequestHandler(object):
    def __init__(self, private_key, api_key):
        # private_key: PEM-encoded RSA private key used to sign the JWT
        self.private_key = private_key
        self.api_key = api_key

    def _sign_jwt(self, path, body_json=""):
        timestamp = time.time()
        nonce = secrets.randbits(63)
        timestamp_secs = math.floor(timestamp)
        # Percent-encode square brackets in the request path
        path = path.replace("[", "%5B")
        path = path.replace("]", "%5D")
        token = {
            "uri": path,
            "nonce": nonce,
            "iat": timestamp_secs,
            "exp": timestamp_secs + 55,
            "sub": self.api_key,
            "bodyHash": sha256(json.dumps(body_json).encode("utf-8")).hexdigest()
        }
        # RS256 signing: this is the call that has to parse self.private_key
        return jwt.encode(token, key=self.private_key, algorithm="RS256")

    def get_request(self, path):
        token = self._sign_jwt(path)
        # Debug output: writes the API key to the log
        print(self.api_key)

        headers = {
            "X-API-Key": self.api_key,
            "Authorization": f"Bearer {token}"
        }
        # Debug output: writes the API key and the signed bearer token to the log
        print(headers)
        return headers


base_url = 'https://api.fireblocks.io'
# FIREBLOCKS_API_SECRET and FIREBLOCKS_API_KEY are defined outside this block
request_handler = FireblocksRequestHandler(FIREBLOCKS_API_SECRET, FIREBLOCKS_API_KEY)
response = request_handler.get_request('/v1/vault/accounts_paged')
# Top-level return: this code runs as the body of a Retool workflow code block
return response
```

Hey @roger - welcome back to the community forum. :wave:

I think I was able to figure out what's going on here; as you suspected, the root of the issue is the encoding of the JWT token. Given the fact that the Fireblocks SDK encodes its JWT using the RS256 algorithm, it's super important that FIREBLOCKS_API_SECRET be very specifically formatted.

As it turns out, Retool isn't reading the multi-line string correctly. I was able to get it working by formatting the FIREBLOCKS_API_SECRET constant as a single line with new line (\n) characters!

I'll bring this to the attention of our team and pass on any updates but hopefully you can move forward now!
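
As an added example (not code from this thread, Retool, or the Fireblocks SDK), here is one way to check how a stored PEM secret is shaped without printing it, and to rebuild a well-formed PEM block before signing. It goes beyond the literal `\n` case described above and also covers newlines collapsed to spaces and CRLF line endings. The names `describe_secret` and `normalize_pem` are hypothetical, and the sample key body is constructed filler, not a real key.

```python
import base64
import re

# Matching BEGIN/END markers with anything between them.
_PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)


def describe_secret(raw: str) -> dict:
    """Summarise how a stored key is shaped without logging the key itself."""
    return {
        "length": len(raw),
        "real_newlines": raw.count("\n"),
        "escaped_newlines": raw.count("\\n"),  # two characters: backslash + n
        "has_pem_markers": _PEM_RE.search(raw) is not None,
    }


def normalize_pem(raw: str) -> str:
    """Rebuild a canonical PEM block from a value whose line breaks were mangled."""
    # Turn literal backslash-n / backslash-r text into real breaks, drop stray quotes.
    text = raw.replace("\\r", "").replace("\\n", "\n").strip().strip("\"'")
    match = _PEM_RE.search(text)
    if match is None:
        raise ValueError("no matching BEGIN/END PEM markers found")
    label = match.group(1)
    # Remove all whitespace: covers newlines collapsed to spaces, CRLF and tabs.
    body = re.sub(r"\s+", "", match.group(2))
    try:
        decoded = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"PEM body is not valid base64: {exc}") from None
    if not decoded:
        raise ValueError("PEM body is empty")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# Constructed filler bytes standing in for key material; NOT a real private key.
_BODY = base64.b64encode(bytes(range(256)) * 2).decode()
SAMPLE_PEM = normalize_pem(f"-----BEGIN PRIVATE KEY-----\n{_BODY}\n-----END PRIVATE KEY-----")

if __name__ == "__main__":
    for name, mangled in {
        "literal \\n": SAMPLE_PEM.replace("\n", "\\n"),
        "spaces": SAMPLE_PEM.replace("\n", " "),
        "CRLF": SAMPLE_PEM.replace("\n", "\r\n"),
    }.items():
        print(name, describe_secret(mangled), normalize_pem(mangled) == SAMPLE_PEM)
```

With a real key, the normalized string is what would be passed as `private_key` to `FireblocksRequestHandler`, and the `describe_secret` output is safe to log where the key itself is not.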