How to return RSA key in jwks_uri endpoint for OpenID Connect Discovery
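Working on the discovery part of an OpenID Connect provider, I am stuck on how to properly return my public key. My question is specifically about the modulus (n) and exponent (e) values.
The initial values of both are: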
n = 124692971944797177402996703053303877641609106436730124136075828918287037758927191447826707233876916396730936365584704201525802806009892366608834910101419219957891196104538322266555160652329444921468362525907130134965311064068870381940624996449410632960760491317833379253431879193412822078872504618021680609253
e = 65537
So, from what I understand reading here, I only need to base64url-encode both.
(Example in Python)
n = urlsafe_b64encode(str(n))
e = urlsafe_b64encode(str(e))
n = "MTI0NjkyOTcxOTQ0Nzk3MTc3NDAyOTk2NzAzMDUzMzAzODc3NjQxNjA5MTA2NDM2NzMwMTI0MTM2MDc1ODI4OTE4Mjg3MDM3NzU4OTI3MTkxNDQ3ODI2NzA3MjMzODc2OTE2Mzk2NzMwOTM2MzY1NTg0NzA0MjAxNTI1ODAyODA2MDA5ODkyMzY2NjA4ODM0OTEwMTAxNDE5MjE5OTU3ODkxMTk2MTA0NTM4MzIyMjY2NTU1MTYwNjUyMzI5NDQ0OTIxNDY4MzYyNTI1OTA3MTMwMTM0OTY1MzExMDY0MDY4ODcwMzgxOTQwNjI0OTk2NDQ5NDEwNjMyOTYwNzYwNDkxMzE3ODMzMzc5MjUzNDMxODc5MTkzNDEyODIyMDc4ODcyNTA0NjE4MDIxNjgwNjA5MjUz"
e = "NjU1Mzc="
Where am I going wrong? Because, for example, Google's keys have a different encoding.
(Google key values)
n = "rl1iVsRbhod-gDJj2SDs94lk5iY0QYXV5HIPtjcx4KmIlmq-cdmfLteTeIHFsO5c6hKUt8R3uZzaQNgF3fKt700fT4m6tU23qK4EoLlx9Z_uSajtpMajdmX_FOdyHyQgcn0tj3YqPeYCOTBhRVNoLIenf9vy0hfFy71lcPhylnE",
e = "AQAB"
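Am I missing something? Thank you for your time.
You are base64url-encoding the decimal representation of the values, but you should be base64url-encoding the octet value, i.e. the big-endian byte sequence defined here: https://www.rfc-editor.org/rfc/rfc7518#section-6.3.1.1 and here https://www.rfc-editor.org/rfc/rfc7518#section-2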
Base64urlUInt
The representation of a positive or zero integer value as the
base64url encoding of the value's unsigned big-endian
representation as an octet sequence. The octet sequence MUST
utilize the minimum number of octets needed to represent the
value. Zero is represented as BASE64URL(single zero-valued
octet), which is "AA".
import base64

def get_bytes_length(n):
    """ref: https://docs.python.org/3/library/stdtypes.html#int.to_bytes"""
    return (n.bit_length() + 7) // 8

def b64_enc(n, l):
    # Big-endian octets, then base64url with the '=' padding stripped (JWK form)
    n = n.to_bytes(l, 'big')
    return base64.urlsafe_b64encode(n).rstrip(b'=')

>>> b64_enc(65537, get_bytes_length(65537))
b'AQAB'
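An added example (not code from the question or either answer) that implements Base64urlUInt as quoted above, round-trips the Google `n` value from the question, and flags the decimal-string mistake before a key set is published. The helper names and the `kid` value are assumptions made for illustration.

```python
import base64

# "n" of the Google key quoted in the question
GOOGLE_N = ("rl1iVsRbhod-gDJj2SDs94lk5iY0QYXV5HIPtjcx4KmIlmq-cdmfLteTeIHFsO5c6hKUt8"
            "R3uZzaQNgF3fKt700fT4m6tU23qK4EoLlx9Z_uSajtpMajdmX_FOdyHyQgcn0tj3YqPeYC"
            "OTBhRVNoLIenf9vy0hfFy71lcPhylnE")

def b64url_uint(value: int) -> str:
    """Base64urlUInt (RFC 7518 section 2): minimal big-endian octets, no padding."""
    if value < 0:
        raise ValueError("Base64urlUInt is only defined for non-negative integers")
    length = max(1, (value.bit_length() + 7) // 8)  # zero still takes one octet
    raw = value.to_bytes(length, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _octets(text: str) -> bytes:
    # JWK values omit '=' padding; restore it before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_uint_decode(text: str) -> int:
    return int.from_bytes(_octets(text), "big")

def encodes_decimal_text(text: str) -> bool:
    """Heuristic: True when the value decodes to ASCII digits, i.e. str(n) was encoded."""
    return _octets(text).isdigit()

def build_jwks(n: int, e: int, kid: str) -> dict:
    """Build the JSON object served at jwks_uri for one RSA public key."""
    jwk = {"kty": "RSA", "kid": kid, "n": b64url_uint(n), "e": b64url_uint(e)}
    for member in ("n", "e"):
        if encodes_decimal_text(jwk[member]):
            raise ValueError(f"JWK member {member!r} looks like encoded decimal text")
    return {"keys": [jwk]}

if __name__ == "__main__":
    n = b64url_uint_decode(GOOGLE_N)
    print(n.bit_length())                    # modulus size in bits
    print(b64url_uint(65537))                # exponent from the question
    print(encodes_decimal_text("NjU1Mzc="))  # the question's value for e
    print(build_jwks(n, 65537, kid="example-key-1"))  # kid is a placeholder
```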