Using own PublicKey implementation
Issue #146
invalid
I try to create PublicKey object and pass it to JWTConsumer to verify signature. Unfortunately I am getting this error
Invalid JWT! org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.InvalidKeyException: The given key (algorithm=RSA) is not valid for SHA256withRSA): JsonWebSignature ...
With same JWT, if I try to check it with key obtained through creation from JSON (new JsonWebKeySet(json)), everything works fine.
Both key created manually and key obtained from JsonWebKeySet implements PublickKey interface. Both returns same values from interface methods. Checked by running equals method on every value.
My case is to use keys obtained from official KeyCloak server library. Unfortunately I can't get Key or PublicKey object from it, only theirs own implementation. Is there a way to integrate those two?
Lib version: 0.6.5
Small off topic: Great job with library!
Comments (3)
-
repo owner
-
reporter
There could be a problem with interface on my side. I was creating a
PublicKeynot aRSAPublicKey.
I will try later with RSA one and see if it resolves problem. -
repo owner
- changed status to invalid
- Log in to comment
I don’t know what the keys obtained from official KeyCloak server library are but it looks like the underlying java security provider doesn’t like it as a verification key for ‘SHA256withRSA’. Maybe it doesn’t implement ‘RSAPublicKey’? I’m just guessing. Using the JSON Web Key Set to get a proper key object probably would be the way to integrate things.