How to return RSA key in jwks_uri endpoint for OpenID Connect Discovery


Problem description

Working on the discovery part of an OpenID Connect provider, I'm a bit confused about how to properly return my public keys. My problem is specifically with the modulus (n) and the exponent (e) values.

The initial values of both are:

n = 124692971944797177402996703053303877641609106436730124136075828918287037758927191447826707233876916396730936365584704201525802806009892366608834910101419219957891196104538322266555160652329444921468362525907130134965311064068870381940624996449410632960760491317833379253431879193412822078872504618021680609253

e = 65537

So, from what I understand reading here, I just need to base64url-encode both.

(Python example)

n = urlsafe_b64encode(str(n))
e = urlsafe_b64encode(str(e))

n = "MTI0NjkyOTcxOTQ0Nzk3MTc3NDAyOTk2NzAzMDUzMzAzODc3NjQxNjA5MTA2NDM2NzMwMTI0MTM2MDc1ODI4OTE4Mjg3MDM3NzU4OTI3MTkxNDQ3ODI2NzA3MjMzODc2OTE2Mzk2NzMwOTM2MzY1NTg0NzA0MjAxNTI1ODAyODA2MDA5ODkyMzY2NjA4ODM0OTEwMTAxNDE5MjE5OTU3ODkxMTk2MTA0NTM4MzIyMjY2NTU1MTYwNjUyMzI5NDQ0OTIxNDY4MzYyNTI1OTA3MTMwMTM0OTY1MzExMDY0MDY4ODcwMzgxOTQwNjI0OTk2NDQ5NDEwNjMyOTYwNzYwNDkxMzE3ODMzMzc5MjUzNDMxODc5MTkzNDEyODIyMDc4ODcyNTA0NjE4MDIxNjgwNjA5MjUz"
e = "NjU1Mzc="

Where am I wrong? Because, for example, Google keys have a different encoding.

(Google key values)

n = "rl1iVsRbhod-gDJj2SDs94lk5iY0QYXV5HIPtjcx4KmIlmq-cdmfLteTeIHFsO5c6hKUt8R3uZzaQNgF3fKt700fT4m6tU23qK4EoLlx9Z_uSajtpMajdmX_FOdyHyQgcn0tj3YqPeYCOTBhRVNoLIenf9vy0hfFy71lcPhylnE",
e = "AQAB"

Am I missing something? Thanks for your time.

PS: The project I'm working on.

Recommended answer

You're base64url-encoding the decimal representation of the values but you should base64url-encode the octet value, i.e. the big-endian byte sequence as defined here: https://tools.ietf.org/html/rfc7518#section-6.3.1.1 and here https://tools.ietf.org/html/rfc7518#section-2

Base64urlUInt

The representation of a positive or zero integer value as the base64url encoding of the value's unsigned big-endian representation as an octet sequence. The octet sequence MUST utilize the minimum number of octets needed to represent the value. Zero is represented as BASE64URL(single zero-valued octet), which is "AA".
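The encoding the answer describes, as an added Python 3 example that is not part of the original question or answer. It uses the n and e from the question; the function names and the "example-key-1" kid are assumptions made for illustration, and the decoder also rejects padded or non-minimal values.

```python
import base64
import json

# n and e copied from the question above.
N = 124692971944797177402996703053303877641609106436730124136075828918287037758927191447826707233876916396730936365584704201525802806009892366608834910101419219957891196104538322266555160652329444921468362525907130134965311064068870381940624996449410632960760491317833379253431879193412822078872504618021680609253
E = 65537

def b64url_uint(value: int) -> str:
    """Base64urlUInt (RFC 7518 section 2): minimal big-endian octets, base64url, no '='."""
    if value < 0:
        raise ValueError("Base64urlUInt is only defined for non-negative integers")
    length = max(1, (value.bit_length() + 7) // 8)  # zero is a single 0x00 octet
    raw = value.to_bytes(length, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_uint_decode(text: str) -> int:
    """Inverse of b64url_uint; rejects padding, empty and leading-zero encodings."""
    if "=" in text:
        raise ValueError("JOSE base64url values carry no padding")
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    if not raw or (len(raw) > 1 and raw[0] == 0):
        raise ValueError("octet sequence is empty or not minimal")
    return int.from_bytes(raw, "big")

def decimal_string_mistake(value: int) -> str:
    """What the question did: encodes the ASCII decimal digits, not the octets."""
    return base64.urlsafe_b64encode(str(value).encode("ascii")).decode("ascii")

def rsa_public_jwks(n: int, e: int, kid: str) -> dict:
    """Body of a jwks_uri response for one RSA public key; kid is caller-chosen."""
    key = {"kty": "RSA", "use": "sig", "kid": kid,
           "n": b64url_uint(n), "e": b64url_uint(e)}
    return {"keys": [key]}

if __name__ == "__main__":
    print("wrong e:", decimal_string_mistake(E))  # matches the value in the question
    print("right e:", b64url_uint(E))             # matches Google's "AQAB"
    print(json.dumps(rsa_public_jwks(N, E, "example-key-1"), indent=2))
```
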
