Questions tagged [jwk]

A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key.

The specification for this structure is in RFC 7517.

218 questions
0 votes, 0 answers

How to configure spring authorization to sign jwt tokens using existing jwks keys

Good day, my situation is as follows. I have one resource server and two authorization servers. The first authorization server (not maintained by us) uses a set of jwks to sign jwt token whenever someone logs in via their portal. Our resource server…
Lyle Phillips
0 votes, 0 answers

401 Unauthorized in Validating JWT Signature Signed by GCP Service Account

Currently, I’m using the Service Account of Google Cloud to implement the authorization feature. Here is the configuration for Token Validation: options.TokenValidationParameters = new TokenValidationParameters { …
TIenHT
0 votes, 1 answer

JWT Token valid by JwtSecurityTokenHandler but not valid by JWT.IO - IdentityServer4

We use IdentityServer4 and the generated tokens are accepted by the Token middleware. But the token validation on jwt.io fails. I've already tried the validation on jwt.io with PEM and JWK. Both fail. As supposed here: Other question If I do the…
Manuel Amstutz
0 votes, 0 answers

Last character change in Access Token

I am using the access token string as issued by the authorization server. The token is decoded and used for securing the API. Everything works fine, but even if I change the last character of the token string it's validating. Why does it validate?
0 votes, 1 answer

Restrict the exposure of the discovery jwks key in a web browser/UI

Need to restrict the exposure of the discovery jwks key in a web browser/UI. This is the request from the security team to prevent the exposure in the jwks url: .well-known/openid-configuration/jwks. I'm using asp.net core 3.1 and identity server 4 and…
0 votes, 1 answer

Java com.nimbusds.jose.jwk.JWKSet with custom field

I have a client sending in a JWKS like this: { "keys": [ "kty": "RSA", "use": "sig", "alg": "RS256", "kid": "...", "x5t": "...", "custom_field_1": "this is some content", "custom_field_2": "this is some content, too", …
el n00b
0 votes, 1 answer

Problem with resource server when using Keycloak as an authorization server: "enc (use) is currently not supported"

I'm trying to run the example from chapter 18 of the book Spring Security in Action (written by Laurentiu Spilca). It's about getting an access token from authorization server (here it is Keycloak) and then, operating on the resources that reside on…
Geralt
0 votes, 1 answer

Difference between JWK generated with different libraries

I am working on migration from php to Java. While doing so, I encountered a JWK that is being generated with spomky-jose/JWKFactory (let's call that JWK-P), while for generating JWK in Java, I am using nimbus-jose-jwt library (let's call that…
Prakhar
0 votes, 1 answer

Generating JWK with a private key while using jose4j to generate JWS

I am trying to generate a JWK using my private key while using jose4j library to generate a JWE with the earlier mentioned JWK. But the key generated doesn't seem to be correct; also, it doesn't have all the fields (only n, e and kty get generated,…
Prakhar
0 votes, 0 answers

Why it's not possible to export the key, when you generate a key for encryption and decryption in subtleCrypto?

Here: const fs = require("fs").promises; const { subtle } = require("crypto"); const getPem = require("rsa-pem-from-mod-exp"); async function createPub() { const keyPair = await subtle.generateKey({ name: "RSASSA-PKCS1-v1_5", …
milanHrabos
0 votes, 1 answer

Convert Private JWK to private.pem

I have generated a public/private JWS Key Pair and I need to convert my private key to a .pem file to sign my JWT using RS256 Algorithm. Is there a solution for this? I don't mind using like bash scripts etc. I am writing in .NET though, if there is a…
Liam Kenny
0 votes, 1 answer

verify google IdToken with jwt-cpp

How to verify google tokenId jwt with jwt-cpp lib or something else lib on c++? I tried to redo the example from the library on github, but I don't have enough knowledge in tokens to do everything right, that's what I got: std::string raw_jwks = …
0 votes, 2 answers

Storing keys - Should I store private keys in PEM or JWK JSON format?

Which is more conventional? For cross-platform, is it ok to store and use JWK in the JSON format? Do I need to encrypt them before storing them in a database?
Lee
0 votes, 0 answers

jwt-go: key is invalid error with RS256 generated from mkjwk.org

I am using the https://github.com/dgrijalva/jwt-go library like this: package main import ( "fmt" "time" "github.com/dgrijalva/jwt-go" ) var jwtKey = []byte(` { "p":…
Prakhar Mishra
0 votes, 1 answer

Failed to select a JWK signing key - Trying to implement Elliptic Curve keys to sign OAuth2AuthorizationServer's JWKS

I'm trying to use the new spring security's oauth2-authorization-server using authorization code grant flow in my project while following the samples provided in its github repo, but decided to set ES256 instead of RS256. In the following its…
gxrj