15

I'm trying to get the key from the Keycloak OpenID Connect certs endpoint that allows me to validate a JWT token. The API to fetch the keys seems to work:

GET http://localhost:8080/auth/realms/my-realm/protocol/openid-connect/certs

{
 "keys": [
   {
     "kid": "MfFp7IWWRkFW3Yvhb1eVrtyQQNYqk6BG-6HZFpl_JxI",
     "kty": "RSA",
     "alg": "RS256",
     "use": "sig",
     "n": "qDWXUhNtfuHNh0lm3o-oTnP5S8ENpzsyi-dGrjSeewxV6GNiKTW5INJ4hDQ7ZWkUFfJJhfhQWJofqgN9rUBQgbRxXuUvEkrzXQiT9AT_8r-2XLMwRV3eV_t-WRIJhVWsm9CHS2gzbqbNP8HFoB_ZaEt2FYegQSoAFC1EXMioarQbFs7wFNEs1sn1di2xAjoy0rFrqf_UcYFNPlUhu7FiyhRrnoctAuQepV3B9_YQpFVoiUqa_p5THcDMaUIFXZmGXNftf1zlepbscaeoCqtiWTZLQHNuYKG4haFuJE4t19YhAZkPiqnatOUJv5ummc6i6CD69Mm9xAzYyMQUEvJuFw",
     "e": "AQAB"
   }
 ]
}

But where is the key, and how do I decode it? $.keys[0].n does not look like base64 and I cannot figure out what it is... If someone can tell me how to get the public key from that payload, it would be great!

avianey

2 Answers

9

Looking at https://github.com/keycloak/keycloak/blob/master/core/src/main/java/org/keycloak/jose/jwk/JWKParser.java it seems that the returned keys are PEM encoded using:

  • modulus
  • exponent

Look at the mentioned Java class to get a public key in Java, or at https://github.com/tracker1/node-rsa-pem-from-mod-exp to get the public key in JavaScript.

avianey
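An added illustration, not part of either answer: the `n` and `e` members of the JWK in the question are the base64url-encoded big-endian modulus and public exponent. The Node.js sketch below wraps them in a DER SubjectPublicKeyInfo structure and prints the PEM; it uses only the built-in `Buffer`, and the function names are made up for this example.

```javascript
// The JWK from the question (only the members needed to rebuild the key).
const jwk = {
  kty: 'RSA',
  n: 'qDWXUhNtfuHNh0lm3o-oTnP5S8ENpzsyi-dGrjSeewxV6GNiKTW5INJ4hDQ7ZWkUFfJJhfhQWJofqgN9rUBQgbRxXuUvEkrzXQiT9AT_8r-2XLMwRV3eV_t-WRIJhVWsm9CHS2gzbqbNP8HFoB_ZaEt2FYegQSoAFC1EXMioarQbFs7wFNEs1sn1di2xAjoy0rFrqf_UcYFNPlUhu7FiyhRrnoctAuQepV3B9_YQpFVoiUqa_p5THcDMaUIFXZmGXNftf1zlepbscaeoCqtiWTZLQHNuYKG4haFuJE4t19YhAZkPiqnatOUJv5ummc6i6CD69Mm9xAzYyMQUEvJuFw',
  e: 'AQAB',
};

// JWK members use base64url: '-' and '_' replace '+' and '/', and '=' padding is dropped.
function b64urlToBuffer(s) {
  return Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
}

// DER length: one byte below 128, otherwise 0x80|count followed by big-endian length bytes.
function derLength(len) {
  if (len < 0x80) return Buffer.from([len]);
  const bytes = [];
  for (let v = len; v > 0; v = Math.floor(v / 256)) bytes.unshift(v & 0xff);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}

// Tag-length-value encoding of one DER element.
function der(tag, content) {
  return Buffer.concat([Buffer.from([tag]), derLength(content.length), content]);
}

// DER INTEGER is signed: strip leading zeros, then prepend 0x00 if the top bit is set.
function derUint(buf) {
  let i = 0;
  while (i < buf.length - 1 && buf[i] === 0) i++;
  const v = buf.subarray(i);
  return der(0x02, v[0] & 0x80 ? Buffer.concat([Buffer.from([0]), v]) : v);
}

function jwkToPem(key) {
  if (key.kty !== 'RSA') throw new Error('expected an RSA JWK');
  // RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
  const rsaKey = der(0x30, Buffer.concat([derUint(b64urlToBuffer(key.n)), derUint(b64urlToBuffer(key.e))]));
  // AlgorithmIdentifier: OID 1.2.840.113549.1.1.1 (rsaEncryption) with NULL parameters.
  const algId = Buffer.from('300d06092a864886f70d0101010500', 'hex');
  // SubjectPublicKeyInfo ::= SEQUENCE { algorithm, BIT STRING (0 unused bits) of RSAPublicKey }
  const spki = der(0x30, Buffer.concat([algId, der(0x03, Buffer.concat([Buffer.from([0]), rsaKey]))]));
  const body = spki.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN PUBLIC KEY-----\n${body}\n-----END PUBLIC KEY-----\n`;
}

console.log(jwkToPem(jwk));
```

Node.js can also import the JWK directly with `crypto.createPublicKey({ key: jwk, format: 'jwk' })`; the manual encoding is shown to make clear what the two fields contain.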
0

The type of the key (or keys) is JSON Web Key (JWK). The list of supported libraries is on the OpenID web page. I am using jose.4.j to retrieve keys from Keycloak.

Community
Saljack