Comments (6)
from fusionauth-jwt.
Regarding the x5c material itself - it seems at the minimum, it would be nice to provide a feature to validate the certificate against the CAs known by the JVM
I can take a look at adding that capability.
Release 3.6.0 w/ validation for x5c. I'll keep this open to still look at adding certificate verification options.
Hello @robotdan
Came across this discussion while searching on the internet for the issue I am getting while trying to verify my Id Token.
I think you can help me with the issue, so I am posting it here. I am sorry if this is not the correct place to ask about issues; I tried posting it on the forums and on Stack Overflow, but no help so far.
I am using the fusionauth-jwt library to verify an ID token signed with an RSA SHA-256 key.
In my code below, I first try to get the public key using the JWKS JSON and then try to create a Verifier instance so that I can verify my ID token.
```java
import io.fusionauth.jwks.JSONWebKeySetHelper;
import io.fusionauth.jwks.domain.JSONWebKey;
import io.fusionauth.jwt.Verifier;
import io.fusionauth.jwt.domain.JWT;
import io.fusionauth.jwt.rsa.RSAVerifier;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

List<JSONWebKey> keys = JSONWebKeySetHelper.retrieveKeysFromJWKS("http://localhost:9011/.well-known/jwks.json");
Map<String, Verifier> publicKeyVerifiers = new HashMap<String, Verifier>();
for (JSONWebKey key : keys) {
  String publicKey = key.x5c.get(0); // getting the x5c element (first certificate of the chain)
  Verifier verifier = RSAVerifier.newVerifier(publicKey); // Creating RSA verifier instance where getting issue
  String kid = key.kid;
  publicKeyVerifiers.put(kid, verifier);
}
JWT jwtDecoded = JWT.getDecoder().decode(idToken, publicKeyVerifiers);
```
I am getting the issue at the time of creating the verifier instance, because the x5c element contains a Base64-encoded value and not the .pem format value which begins with "-----BEGIN".
The class "io.fusionauth.pem.PEMDecoder.java" expects "-----BEGIN", which is not present in key.x5c, and hence throws the exception: `throw new PEMDecoderException(new InvalidParameterException("Unexpected PEM Format"));`
[Screenshot of PEMDecoder.java]
Please could you suggest how to fix it.
Thanks.
@GokulMahajan20 - it looks like we expect the key to be PEM encoded. The x5c is not PEM encoded, it is just a base64 encoded version of the key (mostly the same as PEM except no headers, and it is not MIME encoded).
Could you just pass in the byte array instead?
```java
import java.util.Base64;

String publicKey = key.x5c.get(0);
byte[] decoded = Base64.getDecoder().decode(publicKey); // plain base64 (not base64url), no PEM headers
Verifier verifier = RSAVerifier.newVerifier(decoded); // Creating RSA verifier instance where getting issue
```
Would that work for you?
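The following is an added example, not code from the fusionauth-jwt project or from either participant in this thread. It addresses both points raised above: it turns the base64 DER certificates in `x5c` into RSA verifiers without going through the PEM decoder, and it implements the certificate check suggested in the first comment, validating the `x5c` chain with PKIX against the CAs the running JVM already trusts. It also checks that the public key in `x5c[0]` is the same key the JWK's `n` and `e` describe, which RFC 7517 section 4.7 requires. Assumptions: the fusionauth-jwt package names shown in the imports, that `JSONWebKey` exposes public `n` and `e` fields alongside the `x5c` and `kid` fields used above, and that `RSAVerifier.newVerifier` has an overload accepting an `RSAPublicKey`; the JWKS URL defaults to the one from the question.

```java
import io.fusionauth.jwks.JSONWebKeySetHelper;
import io.fusionauth.jwks.domain.JSONWebKey;
import io.fusionauth.jwt.Verifier;
import io.fusionauth.jwt.domain.JWT;
import io.fusionauth.jwt.rsa.RSAVerifier;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.*;

/** Added example: build RSA verifiers from the x5c member of a JWKS instead of treating it as PEM. */
public class X5cVerifiers {

  /** x5c entries are base64 (not base64url, no PEM headers) DER certificates, leaf first (RFC 7517 section 4.7). */
  static List<X509Certificate> parseChain(List<String> x5c) throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    List<X509Certificate> chain = new ArrayList<>();
    for (String b64 : x5c) {
      byte[] der = Base64.getDecoder().decode(b64);   // the step PEMDecoder cannot do for us
      chain.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
    }
    return chain;
  }

  /** Collect the CAs the running JVM already trusts (its default trust store) as PKIX trust anchors. */
  static Set<TrustAnchor> jvmTrustAnchors() throws Exception {
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);                         // null selects the JVM default cacerts
    Set<TrustAnchor> anchors = new HashSet<>();
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (tm instanceof X509TrustManager) {
        for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
          anchors.add(new TrustAnchor(ca, null));
        }
      }
    }
    return anchors;
  }

  /** PKIX-validate the chain (validity dates, signatures, name chaining, basic constraints) against the JVM CAs. */
  static void requireTrustedChain(List<X509Certificate> chain) throws Exception {
    PKIXParameters params = new PKIXParameters(jvmTrustAnchors());
    params.setRevocationEnabled(false);                // CRL/OCSP policy is deployment-specific; decide it explicitly
    CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
    CertPathValidator.getInstance("PKIX").validate(path, params);  // throws CertPathValidatorException on failure
  }

  /** The leaf public key must be the key the JWK's n/e describe; otherwise this x5c does not belong to this kid. */
  static RSAPublicKey matchedPublicKey(JSONWebKey key, X509Certificate leaf) {
    if (!(leaf.getPublicKey() instanceof RSAPublicKey)) {
      throw new IllegalStateException("x5c[0] of kid=" + key.kid + " does not carry an RSA key");
    }
    RSAPublicKey pub = (RSAPublicKey) leaf.getPublicKey();
    BigInteger n = new BigInteger(1, Base64.getUrlDecoder().decode(key.n));   // JWK n/e are base64url
    BigInteger e = new BigInteger(1, Base64.getUrlDecoder().decode(key.e));   // (assumed public fields)
    if (!n.equals(pub.getModulus()) || !e.equals(pub.getPublicExponent())) {
      throw new IllegalStateException("x5c[0] public key does not match n/e of kid=" + key.kid);
    }
    return pub;
  }

  /** kid -> Verifier map in the shape JWT.getDecoder().decode(token, map) expects. */
  static Map<String, Verifier> verifiersFrom(List<JSONWebKey> keys, boolean requireTrusted) throws Exception {
    Map<String, Verifier> verifiers = new HashMap<>();
    for (JSONWebKey key : keys) {
      if (key.x5c == null || key.x5c.isEmpty()) continue;   // no certificate material for this key
      List<X509Certificate> chain = parseChain(key.x5c);
      if (requireTrusted) requireTrustedChain(chain);
      RSAPublicKey pub = matchedPublicKey(key, chain.get(0));
      verifiers.put(key.kid, RSAVerifier.newVerifier(pub));  // assumed overload taking an RSAPublicKey
    }
    return verifiers;
  }

  public static void main(String[] args) throws Exception {
    if (args.length < 1) {
      System.err.println("usage: X5cVerifiers <idToken> [jwksUrl]");
      return;
    }
    String idToken = args[0];
    String jwksUrl = args.length > 1 ? args[1] : "http://localhost:9011/.well-known/jwks.json";
    Map<String, Verifier> verifiers = verifiersFrom(JSONWebKeySetHelper.retrieveKeysFromJWKS(jwksUrl), true);
    JWT jwt = JWT.getDecoder().decode(idToken, verifiers);   // the token's kid header selects the verifier
    System.out.println("verified: sub=" + jwt.subject + " iss=" + jwt.issuer);
  }
}
```

Two practical notes. A certificate that FusionAuth generated itself is self-signed and will not chain to anything in the JVM's `cacerts`, so `requireTrustedChain` will reject it; in that case pass `false` for `requireTrusted`, or build the `PKIXParameters` from a private trust anchor you control instead of `jvmTrustAnchors()`. The `n`/`e` comparison is the check that matters most here: it ties the certificate back to the key the JWKS actually advertises, so a mismatched or substituted `x5c` is rejected rather than silently becoming the verification key.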