How to construct jkt claim? Any plans to add it to library?

https://developer.okta.com/docs/guides/dpop/main/#build-the-request

Here is the jwk I passed to OAuth sever token endpoint

{"kty":"RSA","kid":"testoauth01.app","use":"sig","n":"sCeUuD0YudiM4GSubTD7TIYqlSg0zdhSPfZOJapn-swabtix8q0COSK48XUSu6kjBd1BFNzAikH9Z8EjsMmEnLMW8OSHo12FV7y21lLjUr7Sk9bFeIKTJoUGj6l733rWXdpvrgDL-T9LdbTfa5ZPOH93byHPQvh-KpU4i-wIir0CGToV2F7rHsmrhreHAd_fJCUalF8ggI_4Y0gi6PbRY5CjLQl13oEA4r0PcUP4GtHYfw-mNL07NGDN2OKUWpEHDi3Ft_exIuFmNOdv454jIscQACMkk6OoxGahPUXwHebQchib5EfK3p8oQEstNnk4QdGLiZoA043qlH7I4DdG6w","e":"AQAB","x5c":["MIIC6TCCAlKgAwIBAgIEZFQuMzANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1OMTAwLgYDVQQHDCc0MDAgRmlyc3QgQXZlbnVlIE5vcnRoICM0MDAgTWlubmVhcG9saXMxETAPBgNVBAoMCFBlcmZvcmNlMQ4wDAYDVQQLDAVBa2FuYTEPMA0GA1UEAwwGUm9vdENBMB4XDTIzMDUwNDIyMTQxMVoXDTI0MDUwMzIyMTQxMVowbTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTaW1pIFZhbGxleTERMA8GA1UECgwIUGVyZm9yY2UxDjAMBgNVBAsMBUFrYW5hMRgwFgYDVQQDDA90ZXN0b2F1dGgwMS5hcHAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwJ5S4PRi52IzgZK5tMPtMhiqVKDTN2FI99k4lqmf6zBpu2LHyrQI5IrjxdRK7qSMF3UEU3MCKQf1nwSOwyYScsxbw5IejXYVXvLbWUuNSvtKT1sV4gpMmhQaPqXvfetZd2m+uAMv5P0t1tN9rlk84f3dvIc9C+H4qlTiL7AiKvQIZOhXYXuseyauGt4cB398kJRqUXyCAj/hjSCLo9tFjkKMtCXXegQDivQ9xQ/ga0dh/D6Y0vTs0YM3Y4pRakQcOLcW397Ei4WY052/jniMixxAAIySTo6jEZqE9RfAd5tByGJvkR8renyhASy02eThB0YuJmgDTjeqUfsjgN0brAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAEPcQtJsCTxunLnfz4kNkBRDbK2UVlORRX77mewGBFFzwu4oNFGV5sZCtANSZMuUaZIVLMI6LrR2SjEVmv1xMg1jsZ3/Hss5cD8BsW7xyms1+Se3Zv/sR3GkbSFaFoglJnu02YESSzSqsNFfCbTqF7Fwq3oWXHpnLdemx7qZ5jR0=","MIICmDCCAgGgAwIBAgIEYmgdyDANBgkqhkiG9w0BAQsFADCBgDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1OMTAwLgYDVQQHDCc0MDAgRmlyc3QgQXZlbnVlIE5vcnRoICM0MDAgTWlubmVhcG9saXMxETAPBgNVBAoMCFBlcmZvcmNlMQ4wDAYDVQQLDAVBa2FuYTEPMA0GA1UEAwwGUm9vdENBMB4XDTIyMDQyNjE2Mjg1NloXDTQyMDQyNjE2Mjg1NlowgYAxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNTjEwMC4GA1UEBwwnNDAwIEZpcnN0IEF2ZW51ZSBOb3J0aCAjNDAwIE1pbm5lYXBvbGlzMREwDwYDVQQKDAhQZXJmb3JjZTEOMAwGA1UECwwFQWthbmExDzANBgNVBAMMBlJvb3RDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApzJgst33S18ktHT6gSTqHsgOenvDwGsW0ac+y38XYbTzlRbeMK1RnomfWGi/UPR4R2WM/0L8ycCEai2VTB5AkDJNSHlir/lNcwtK/nOzEMASQEV0QPH5boQfus7NVz3HBJ3h+lWafYruOdDFZ8rOQsfEWJn3CSDS/H7XVRPyGS0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADgYEAOpW/gdVcGshWBCMB+/d887O1t0bRuIJsedfBleMUxD9aBmx5WmlPcb4F4TB+G5M5RYNfsYzhVCAwCbFQ8gVKMSMwdzY/SADgzyFLbkEXYXkX2cnp0xzsgL+JWLbiNHU/XUFRbzcum+QtOmB5OEIP+sk228/pTWDHBvA885nKyJc="]}

The OAuth server introspection API is returning jkt as 2zAFuDzsg3K4anyjGzFF1QHn8R5F2_gsZL97xkQ7fl0

jkt : A base64url encoding of the JWK SHA-256 hash of the DPoP public key (in JWK format)

I tried to construct using below code and got zU6OIxjbigM92IO7seFed3iRWyc1FDhFFMktJM__pI8

    public static String jktS256(PublicJsonWebKey jwk) {
        return base64urlThumbprint(jwk, "SHA-256");
    }

    private static String base64urlThumbprint(PublicJsonWebKey jwk, String hashAlg) {
        MessageDigest msgDigest = HashUtil.getMessageDigest(hashAlg);
        byte[] jwkBytes = jwk.toJson(OutputControlLevel.PUBLIC_ONLY).getBytes();
        byte[] digest = msgDigest.digest(jwkBytes);
        return Base64Url.encode(digest);
    }

I am not sure I did wrong.

‌

Comments (9)