Support for custom `use` (Public Key Use)
Hi, currently the library only supports `sig` and `enc` for `use`, but as the RFC 7517 specification says:
> Other values MAY be used. The "use" value is a case-sensitive
> string. Use of the "use" member is OPTIONAL, unless the application
> requires its presence.
Any chance this would be supported? Currently, it throws errors when trying to parse a JWKSet using `JWKSet.load`:
```
java.text.ParseException: Invalid JWK at position 1: Invalid JWK use: tls
    at com.nimbusds.jose.jwk.JWKSet.parse(JWKSet.java:337)
    at com.nimbusds.jose.jwk.JWKSet.parse(JWKSet.java:302)
    at com.nimbusds.jose.jwk.JWKSet.load(JWKSet.java:402)
    at com.nimbusds.jose.jwk.JWKSet.load(JWKSet.java:420)
```
Comments (11)
-
reporter Hey Vladimir,
What do you think is the best approach to solving this, removing the enum for `use` selection?
-
Hi Vladimir, Kaveen. Are you working on an OpenBanking implementation, Kaveen? I'm having the same problem.
I changed the KeyUse class from an Enum to a String, but left the two enum values as static strings so they can still be used throughout the rest of the code.
This change affected a lot of the code, but the tests seem to be OK. I added 3 extra tests - 2 to validate that keys can be generated with custom values, and one to check that keys with custom values can be parsed.
I created a pull request: https://bitbucket.org/connect2id/nimbus-jose-jwt/pull-requests/45/changes-to-allow-custom-values-for-the-use/diff
I hope this is a sensible change - I'd love your feedback. Thanks Owen
-
Thanks!
Since we have a breaking change, this will require a new major release. Not a problem though. I'll look at the code.
-
reporter Hey Owen,
Guilty as charged, you know exactly the problem I'm hung on as well. I'll also take a look at it. Feel a tad bit bad as I've already made my own JWK models and parser.
cheers, Kaveen
-
- changed status to open
I looked at the PR. I'm thinking of keeping the KeyUse class, to benefit from type safety. It just won't be an enum, to allow other values.
-
Is there an official spec that defines the "tls" key type?
-
- changed status to resolved
Commit f4d3069
The non-enum class change turned out to touch just a few lines of code.
Should be pushed out to Maven Central as v7 in a few minutes.
Happy coding!
-
Ah yeah, that's a much better way! Thanks Vladimir!
I don't think 'tls' is a public value - it's a proprietary value being used by the Open Banking standard to differentiate between keys used for TLS encryption, and those used for data encryption.
-
reporter Thanks, Vladimir!
A much better solution, I'll take a look at this. As per `tls` key type, as Owen said it's an Open Banking UK specific use.
cheers, Kaveen Rodrigo
-
Thanks for clarifying the tls :)
-
You're right. Would you be interested in submitting a PR? :)
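
The design the thread settles on, a type-safe `use` class that is not an enum, shown as an added Java example; it is not the library's code and not the code from the pull request or commit. The class name `PublicKeyUse`, the sample key IDs, and the policy of selecting verification keys only on an explicit `sig` match are assumptions made for this example.

```java
import java.text.ParseException;
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical class for illustration; not the library's KeyUse.
public final class PublicKeyUse {
    public static final PublicKeyUse SIGNATURE = new PublicKeyUse("sig");
    public static final PublicKeyUse ENCRYPTION = new PublicKeyUse("enc");

    private final String identifier;

    private PublicKeyUse(String identifier) { this.identifier = identifier; }

    /** Parses a "use" value; returns null when the optional member is absent. */
    public static PublicKeyUse parse(String s) throws ParseException {
        if (s == null) return null;
        if (s.trim().isEmpty()) throw new ParseException("JWK use must not be empty or blank", 0);
        // RFC 7517: the value is case-sensitive, so "SIG" is not "sig".
        if (s.equals(SIGNATURE.identifier)) return SIGNATURE;
        if (s.equals(ENCRYPTION.identifier)) return ENCRYPTION;
        return new PublicKeyUse(s); // other values MAY be used, e.g. "tls"
    }

    public String identifier() { return identifier; }

    @Override public boolean equals(Object o) {
        return o instanceof PublicKeyUse && identifier.equals(((PublicKeyUse) o).identifier);
    }
    @Override public int hashCode() { return identifier.hashCode(); }
    @Override public String toString() { return identifier; }

    public static void main(String[] args) throws ParseException {
        // Constructed sample: key IDs mapped to their "use" values (null = member absent).
        Map<String, String> keys = new LinkedHashMap<>();
        keys.put("key-1", "sig");
        keys.put("key-2", "tls");
        keys.put("key-3", "SIG");
        keys.put("key-4", null);
        for (Map.Entry<String, String> e : keys.entrySet()) {
            PublicKeyUse use = parse(e.getValue());
            // Assumed policy: only an explicit "sig" key is eligible for signature
            // verification, so "tls", "SIG" and keys without "use" are not selected.
            boolean forVerification = SIGNATURE.equals(use);
            System.out.println(e.getKey() + " use=" + use + " forVerification=" + forVerification);
        }
    }
}
```

Once the parser accepts arbitrary `use` values, the caller decides which keys are eligible for each operation; matching on the exact expected value keeps a `tls` key from being treated as a signing key.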