How to extract the public key from the JWK returned by Identity Server 4 in Node.js?
I am using the jose npm package.
var http = require('http');
var { default: parseJwk } = require('jose/jwk/parse');

// `res` is the response object of the enclosing route handler (not shown).
http.get('http://hostname/.well-known/openid-configuration/jwks', (resp) => {
    let data = '';
    // A chunk of data has been received.
    resp.on('data', (chunk) => {
        data += chunk;
    });
    resp.on('end', () => {
        parseJwk(JSON.parse(data).keys[0])
            .then(rsaPublicKey => {
                /// how to extract public key here
                res.send({ raw: JSON.parse(data), parsed: rsaPublicKey });
            }, err => {
                res.status(500).json(err);
            });
        // res.send({raw: JSON.parse(data), parsed: ''});
        // console.log(JSON.parse(data));
    });
}).on("error", (err) => {
    console.log("Error: " + err.message);
    res.status(500).json(err);
});
JWT token example:
{
alg:'RS256'
e:'AQAB'
kid:'MKYnjQ_a1EfAdUkVD7ToVA'
kty:'RSA'
n:'01ixZ7ujifVsulyKYKF9Wat_fZRzjkOPG3CL4Iw-Ntxjb6mJUSdTBsV7yYjXjI3yFOqr0loCwfHZb40EE1A7hPNzK3etbAA2SIZa365ZJjv7qJobeCgZjvJnr5UvL-xEBAEzS3vS4u9KmI0-AF243SxtmQxrpkfqTl-cL4wDMmkffGBFlAigufR80NXR5sTejEHAQzjCTPR1518ssNX9OM8t1QHGxGwtp5OUZDSx0DZuCGuvHfEk5eYIEqNfhNEtZnvPmEEqrv6Adweaf4XI2kSrFlBfVjE2DXzeTvy8Kd9wSw6jE8gj-mfo9CcYKpLSqZrxUSetz0RfAnK2sLF1OQ'
use:'sig'
}
How do I extract the public key in the code above to verify the JWT?
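In most libraries I have used, you need to convert from JWK format to PEM format before validation. This can get quite low level, and it is generally recommended to use a library. Here is a class of mine with some example usage and the following libraries:
Better still, the JWKS-RSA library is very useful, since it caches JWKS keys to prevent redundant downloads: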
import jwksClient, {SigningKey} from 'jwks-rsa';

// Class method excerpt: resolves the PEM public key for the key identifier (kid) in the token header.
private async _downloadJwksKeyForKeyIdentifier(tokenKeyIdentifier: string): Promise<string> {
    return new Promise<string>((resolve, reject) => {
        const client = jwksClient({
            jwksUri: this._oauthConfig.jwksEndpoint,
        });
        client.getSigningKey(tokenKeyIdentifier, (err: any, key: SigningKey) => {
            if (err) {
                return reject(err);
            }
            return resolve(key.getPublicKey());
        });
    });
}
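An added example, not part of the original question or answer: the JWK-to-PEM conversion and RS256 signature check done with Node's built-in crypto module (Node 15.12 or later), choosing the key by kid instead of keys[0] and pinning the algorithm. The key pair, kid, token and function names are constructed for the demo.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the identity server: a throwaway RSA key pair whose
// public half is published as a JWKS document shaped like the one in the question.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_KID = 'constructed-key-1';
const sampleJwks = {
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: SAMPLE_KID, use: 'sig', alg: 'RS256' }],
};
const b64url = (value) => Buffer.from(value).toString('base64url');

// Sign a constructed token so the example runs offline.
function signSampleJwt(payload, kid = SAMPLE_KID) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const signingInput = `${header}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Convert one RSA JWK (kty, n, e) into a PEM-encoded SPKI public key.
function jwkToPem(jwk) {
  if (jwk.kty !== 'RSA') throw new Error('expected an RSA key');
  const keyObject = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
  return keyObject.export({ type: 'spki', format: 'pem' });
}

// Verify the token signature against the JWKS; returns the payload or throws.
function verifyJwt(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  // Pin the algorithm: the token header must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Select the signing key by kid; the JWKS may list several keys during rotation.
  const jwk = jwks.keys.find((k) => k.kid === header.kid && (k.use === undefined || k.use === 'sig'));
  if (!jwk) throw new Error('unknown kid');
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), jwkToPem(jwk),
    Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}
```

This checks the signature only: the exp, iss and aud claims still have to be validated, and the JWKS should be fetched over HTTPS so the keys themselves cannot be swapped in transit.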