oauth-2.0 jwt openid jjwt

Decode IdToken using JJWT with RSA


My customer sends me a JWT, and I need to validate this JWT using their public key. I am using Java and the JJWT framework to validate this token. I know how to decode this token using HS256, but I don't know how using RS256.

Their configuration is:

[image: the customer's JWKS configuration]

Editing here to improve my question. The JJWT parsing example that I am using:

    String secret = "-----BEGIN CERTIFICATE-----myx5ckey-----END CERTIFICATE-----";
    byte[] dataBytes = Base64.getEncoder().encode(secret.getBytes());
    byte[] byteKey = Base64.getDecoder().decode(dataBytes);
    X509EncodedKeySpec X509publicKey = new X509EncodedKeySpec(byteKey);
    KeyFactory kf = KeyFactory.getInstance("RSA");

    PublicKey publicKey = kf.generatePublic(X509publicKey);

    Claims body = null;
    body = Jwts.parser().setSigningKey(publicKey.getEncoded())
            .parseClaimsJws(idToken)
            .getBody();


java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format

    at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:205)

How can I validate the received token using the JWKS information that I showed (image above)?


Solution

  • I solved my problem.

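    import java.io.ByteArrayInputStream;
    import java.security.PublicKey;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import javax.xml.bind.DatatypeConverter;
    import io.jsonwebtoken.Claims;
    import io.jsonwebtoken.Jwts;

    // Base64 certificate body only, without the -----BEGIN/END CERTIFICATE----- lines
    String secret2 = "myX5c";
    // Parse it as an X.509 certificate and take the public key from it
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate certificate = cf.generateCertificate(new ByteArrayInputStream(DatatypeConverter.parseBase64Binary(secret2)));
    PublicKey publicKey = certificate.getPublicKey();

    // Pass the PublicKey object itself (not its encoded bytes) to the parser
    Claims body = null;
    body = Jwts.parser().setSigningKey(publicKey)
            .parseClaimsJws(idToken)
            .getBody();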
    

    @KcDoD thanks for your tips.
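
An added example (not from the original post or the JJWT project): the x5c-to-public-key step from the solution, followed by an RS256 signature check written with JDK classes only. The class and method names are hypothetical, the demo token and key pair are constructed, and because `keyFromX5c` needs a real certificate the built-in demo exercises `verifyRs256` with a generated key.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class X5cRs256Check {
    // An x5c entry is a base64 DER certificate, not a bare SubjectPublicKeyInfo, so
    // X509EncodedKeySpec cannot parse it; CertificateFactory can. PEM armor is tolerated.
    static PublicKey keyFromX5c(String x5c) throws Exception {
        String b64 = x5c.replaceAll("-----(BEGIN|END) CERTIFICATE-----", "").replaceAll("\\s", "");
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(b64)));
        cert.checkValidity(); // added check: throws if the certificate is expired or not yet valid
        return cert.getPublicKey();
    }

    // True only for a three-part token that declares RS256 and whose signature matches the key.
    static boolean verifyRs256(String jwt, PublicKey key) throws Exception {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
        // Simple string match on the header; the algorithm used below is fixed either way.
        if (!header.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return s.verify(Base64.getUrlDecoder().decode(p[2]));
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: a throwaway key pair stands in for the customer's key.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair();
        Base64.Encoder url = Base64.getUrlEncoder().withoutPadding();
        String head = url.encodeToString("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String input = head + "." + url.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(input.getBytes(StandardCharsets.US_ASCII));
        String sig = url.encodeToString(s.sign());
        String other = head + "." + url.encodeToString("{\"sub\":\"other\"}".getBytes(StandardCharsets.UTF_8)) + "." + sig;
        System.out.println(verifyRs256(input + "." + sig, kp.getPublic())); // untouched token
        System.out.println(verifyRs256(other, kp.getPublic()));             // payload changed after signing
        if (args.length == 2) System.out.println(verifyRs256(args[0], keyFromX5c(args[1]))); // real token + x5c
    }
}
```

Run it with two arguments (a token and an x5c value) to check real input. The x5c value should come from the issuer's JWKS obtained over a trusted channel, since parsing a certificate does not by itself establish who issued it.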