
List:       wsf-javascript-dev
Subject:    Re: [Dev] JWKs to validate the IDToken from WSO2 IS
From:       Abilashini Thiyagarajah <abilashini () wso2 ! com>
Date:       2016-11-29 5:20:38
Message-ID: CAA_6R0_JnMqGy2EAAFAq7BqHfDBGf3JBe_isrD-h9X26eiaXPg () mail ! gmail ! com

Hi,

I would like to explain the way the JWK set has been generated to validate
the ID Token received from the token endpoint of WSO2 IS in the
implementation of the Tomcat extension of OpenID Connect.

As the IS currently uses a single set of JWK:

The public key type, modulus and exponent are taken from the
client-truststore.jks certificate.
algorithm  =  RS256
x5t  =  NmJmOGUxMzZlYjM2ZDRhNTZlYTA1YzdhZTRiOWE0NWI2M2JmOTc1ZA
key_ID = d0ec514a32b6f88c0abd12a2840699bdd3deba9d

These values are generated as a JSON object, a JWK set is created from it
using the Nimbus class JWK <http://com.nimbusds.jose.jwk.JWK>, and that set
is used to validate the ID Token using the class IDTokenValidator
<http://com.nimbusds.openid.connect.sdk.validators.IDTokenValidator>.

Thank you.

-- 
T. Abilashini
Intern
Software Engineering
WSO2 Inc. http://wso2.com/
Phone +94 719248432




_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
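
The flow described in the message, as an added example that is not part of the original post or of the WSO2 Tomcat extension: an RSA JWK is built from a certificate in a JKS trust store and handed to the Nimbus IDTokenValidator pinned to RS256. The class name IdTokenCheck and the trust store path, password, alias, issuer, client ID and nonce parameters are assumptions supplied by the caller; only the key ID is taken from the message.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.openid.connect.sdk.Nonce;
import com.nimbusds.openid.connect.sdk.claims.IDTokenClaimsSet;
import com.nimbusds.openid.connect.sdk.validators.IDTokenValidator;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;

public class IdTokenCheck {
    // key_ID value quoted in the message above. Key selection uses the token's
    // kid header when present, so the JWK's key ID has to match it.
    static final String KEY_ID = "d0ec514a32b6f88c0abd12a2840699bdd3deba9d";

    /** Builds a one-key JWK set from a certificate in a JKS trust store. */
    static JWKSet jwkSetFromTrustStore(String path, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert == null || !(cert.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalStateException("No RSA certificate under alias " + alias);
        }
        RSAKey jwk = new RSAKey.Builder((RSAPublicKey) cert.getPublicKey())
                .keyUse(KeyUse.SIGNATURE)      // verification only, never encryption
                .algorithm(JWSAlgorithm.RS256)
                .keyID(KEY_ID)
                .build();
        return new JWKSet(jwk);
    }

    /** Checks signature (RS256 only), issuer, audience, expiry and nonce; throws on failure. */
    static IDTokenClaimsSet validate(String idToken, JWKSet keys, String issuer,
                                     String clientId, String nonce) throws Exception {
        IDTokenValidator validator = new IDTokenValidator(
                new Issuer(issuer), new ClientID(clientId), JWSAlgorithm.RS256, keys);
        JWT jwt = JWTParser.parse(idToken);
        return validator.validate(jwt, nonce == null ? null : new Nonce(nonce));
    }
}
```

Passing the expected algorithm to the validator means a token whose header names any other algorithm is rejected before key lookup, and a null nonce is only appropriate when the authentication request did not send one.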

