Support for custom `use` (Public Key Use)

Issue #297 resolved
Kaveen Rodrigo created an issue

Hi, currently the library only supports `sig` and `enc` for `use`, but as the RFC 7517 specification says:

   Other values MAY be used.  The "use" value is a case-sensitive
   string.  Use of the "use" member is OPTIONAL, unless the application
   requires its presence.

Any chance this would be supported? Currently, it throws errors when trying to parse a JWKSet using JWKSet.load:

java.text.ParseException: Invalid JWK at position 1: Invalid JWK use: tls
    at com.nimbusds.jose.jwk.JWKSet.parse(JWKSet.java:337)
    at com.nimbusds.jose.jwk.JWKSet.parse(JWKSet.java:302)
    at com.nimbusds.jose.jwk.JWKSet.load(JWKSet.java:402)
    at com.nimbusds.jose.jwk.JWKSet.load(JWKSet.java:420)

Comments (11)

  1. Kaveen Rodrigo reporter

    Hey Vladimir,

    What do you think is the best approach to solving this, removing the enum for use selection?

  2. Owen O Byrne

    Hi Vladimir, Kaveen. Are you working on an OpenBanking implementation, Kaveen? I'm having the same problem.

    I changed the KeyUse class from an Enum to a String, but left the two enum values as static strings so they can still be used throughout the rest of the code.

    This change affected a lot of the code, but the tests seem to be OK. I added 3 extra tests - 2 to validate that keys can be generated with custom values, and one to check that keys with custom values can be parsed.

    I created a pull request: https://bitbucket.org/connect2id/nimbus-jose-jwt/pull-requests/45/changes-to-allow-custom-values-for-the-use/diff

    I hope this is a sensible change - I'd love your feedback. Thanks Owen

  3. Vladimir Dzhuvinov

    Thanks!

    Since we have a breaking change, this will require a new major release. Not a problem though. I'll look at the code.

  4. Kaveen Rodrigo reporter

    Hey Owen,

    Guilty as charged, you know exactly the problem I'm hung on as well. I'll also take a look at it. Feel a tad bit bad as I've already made my own JWK models and parser.

    cheers, Kaveen

  5. Vladimir Dzhuvinov
    • changed status to open

    I looked at the PR. I'm thinking of keeping the KeyUse class, to benefit from type safety. It just won't be an enum, to allow other values.

  6. Vladimir Dzhuvinov

    Commit f4d3069

    The non-enum class change turned out to touch just a few lines of code.

    Should be pushed out to Maven Central as v7 in a few minutes.

    Happy coding!

  7. Owen O Byrne

    Ah yeah, that's a much better way! Thanks Vladimir!

    I don't think 'tls' is a public value - it's a proprietary value being used by the Open Banking standard to differentiate between keys used for TLS encryption, and those used for data encryption.

  8. Kaveen Rodrigo reporter

    Thanks, Vladimir!

    A much better solution, I'll take a look at this. As per tls key type, as Owen said it's an Open Banking UK specific use.

    cheers, Kaveen Rodrigo
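
The design settled on in the thread (a type-safe class instead of an enum, so values such as `tls` parse) is sketched below as an added example; it is not part of the thread and not the library's source. The names `Use`, `Key` and `signatureKeyIds` are hypothetical, and excluding keys with a custom or absent `use` from signature selection is this example's policy, shown because accepting more values at parse time makes that filter matter.

```java
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

// Added illustration; names are hypothetical, not Nimbus JOSE+JWT source.
// Requires Java 16+ (records).
public class KeyUseDemo {

    /** Type-safe "use" value that, unlike an enum, accepts values outside sig/enc. */
    static final class Use {
        static final Use SIGNATURE = new Use("sig");
        static final Use ENCRYPTION = new Use("enc");
        private final String id;

        Use(String id) {
            if (id == null || id.trim().isEmpty())
                throw new IllegalArgumentException("use must not be null or empty");
            this.id = id;
        }

        /** "use" is OPTIONAL in RFC 7517, so an absent member maps to null. */
        static Use parse(String s) { return s == null ? null : new Use(s); }

        // Case-sensitive comparison, as RFC 7517 states: "Sig" is not "sig".
        @Override public boolean equals(Object o) { return o instanceof Use && ((Use) o).id.equals(id); }
        @Override public int hashCode() { return Objects.hash(id); }
        @Override public String toString() { return id; }
    }

    record Key(String kid, Use use) {}

    /** Example policy: only keys explicitly marked "sig" are signature candidates. */
    static List<String> signatureKeyIds(List<Key> keys) {
        return keys.stream()
                .filter(k -> Use.SIGNATURE.equals(k.use()))
                .map(Key::kid)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample set: the kid values are made up for this example.
        List<Key> set = List.of(
                new Key("signing-1", Use.parse("sig")),
                new Key("transport-1", Use.parse("tls")),  // custom value from the issue
                new Key("mixed-case", Use.parse("Sig")),   // a different value: case-sensitive
                new Key("enc-1", Use.parse("enc")),
                new Key("no-use", Use.parse(null)));       // member absent
        System.out.println(signatureKeyIds(set));
    }
}
```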
