Using own PublicKey implementation
I try to create PublicKey
object and pass it to JWTConsumer
to verify signature. Unfortunately I am getting this error
Invalid JWT! org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.InvalidKeyException: The given key (algorithm=RSA) is not valid for SHA256withRSA): JsonWebSignature ...
With same JWT, if I try to check it with key obtained through creation from JSON (new JsonWebKeySet(json)
), everything works fine.
Both key created manually and key obtained from JsonWebKeySet
implements PublickKey
interface. Both returns same values from interface methods. Checked by running equals
method on every value.
My case is to use keys obtained from official KeyCloak server library. Unfortunately I can't get Key
or PublicKey
object from it, only theirs own implementation. Is there a way to integrate those two?
Lib version: 0.6.5
Small off topic: Great job with library!
Comments (3)
-
repo owner -
reporter There could be a problem with interface on my side. I was creating a
PublicKey
not aRSAPublicKey
.
I will try later with RSA one and see if it resolves problem. -
repo owner - changed status to invalid
- Log in to comment
I don’t know what the keys obtained from official KeyCloak server library are but it looks like the underlying java security provider doesn’t like it as a verification key for ‘SHA256withRSA’. Maybe it doesn’t implement ‘RSAPublicKey’? I’m just guessing. Using the JSON Web Key Set to get a proper key object probably would be the way to integrate things.