RSA: Private key instead of Public key

Issue #2 resolved
Former user created an issue

Hello, I have used your library for a long time, and it's great! Thank you for this. I have an issue regarding the RSA key:

data Signer = HMACSecret BS.ByteString
            | RSAPrivateKey PrivateKey

Shouldn't it be a Public key? I am trying to verify a JWT in my client application, but I don't have access to the private key of the signer. I use Keycloak to generate the Tokens; however, Keycloak will of course give me only its public key.

Comments (3)

  1. Robert Massaioli

    I have just run into this problem as well. I need to implement https://community.developer.atlassian.com/t/action-required-atlassian-connect-installation-lifecycle-security-improvements/49046#running-a-custom-implementation-6 and have become stuck because I am being given the Public Key and I need to verify the JWT but I don’t have the Public Key.

    I think that we need a Public Key only signer that will fail if you try and encode using it. We could probably even update the types so that you can provide different signers to the encode and decode phases.
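
The split between encode-side and decode-side signers proposed in the comment above could look like the sketch below. This is an added example, not code from the library or from either poster: the names `EncodeSigner`, `VerifySigner`, `toVerifySigner`, `signInput` and `verifyInput` are hypothetical, and it assumes the `cryptonite` package for the RSA and HMAC primitives.

```haskell
module SplitSigners where

import           Crypto.Hash.Algorithms   (SHA256 (..))
import           Crypto.MAC.HMAC          (HMAC, hmac)
import           Crypto.PubKey.RSA        (PrivateKey (..), PublicKey)
import qualified Crypto.PubKey.RSA.PKCS15 as PKCS15
import           Data.ByteArray           (constEq, convert)
import qualified Data.ByteString          as BS

-- Hypothetical type: key material that can produce a signature.
data EncodeSigner
  = EncodeHMACSecret BS.ByteString
  | EncodeRSAPrivateKey PrivateKey

-- Hypothetical type: key material that can only check a signature.
data VerifySigner
  = VerifyHMACSecret BS.ByteString
  | VerifyRSAPublicKey PublicKey

-- Every signing key yields a verifying key. No function goes the other
-- way, so code holding only a public key cannot call 'signInput' at all.
toVerifySigner :: EncodeSigner -> VerifySigner
toVerifySigner (EncodeHMACSecret s)    = VerifyHMACSecret s
toVerifySigner (EncodeRSAPrivateKey k) = VerifyRSAPublicKey (private_pub k)

hmacSha256 :: BS.ByteString -> BS.ByteString -> BS.ByteString
hmacSha256 secret input = convert (hmac secret input :: HMAC SHA256)

-- | Sign the JWS signing input ("base64url(header).base64url(claims)").
signInput :: EncodeSigner -> BS.ByteString -> Either String BS.ByteString
signInput (EncodeHMACSecret s) input = Right (hmacSha256 s input)
signInput (EncodeRSAPrivateKey k) input =
  -- RSASSA-PKCS1-v1_5 with SHA-256 (RS256), without blinding.
  either (Left . show) Right (PKCS15.sign Nothing (Just SHA256) k input)

-- | Check a raw (already base64url-decoded) signature over the signing input.
verifyInput :: VerifySigner -> BS.ByteString -> BS.ByteString -> Bool
verifyInput (VerifyHMACSecret s) input sig =
  constEq (hmacSha256 s input) sig          -- constant-time comparison
verifyInput (VerifyRSAPublicKey k) input sig =
  PKCS15.verify (Just SHA256) k input sig   -- needs only the public key
```

Because the algorithm is selected by the constructor of the key rather than by anything in the token, a `VerifyRSAPublicKey` value can never reach the HMAC branch, so the public key cannot be treated as an HMAC secret during verification.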