DefaultPermissionVerifier in core/authz/authz.py

[lhmatt]

Line 149:
the_parts = json.loads(assigned.decode('utf-8'))

Running python 3.7, this raise an exception for me. Strings in py3 are automatically unicode, so the .decode('utf-8') call is not valid and raises an attribute exception. Naturally this depends on how you are implementing your datastore though - I'm not using postgres so I don't know if there is something funky going on with strings in the sqlalchemy engine.

I worked around the issue by overriding AccountStoreRealm to init a custom PermissionVerifier. The custom version is identical to the default one except that the .decode('utf-8') call is removed.