This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-09-28
Channels
- # announcements (92)
- # aws (7)
- # babashka (13)
- # beginners (42)
- # clj-kondo (9)
- # cljdoc (25)
- # clojure (156)
- # clojure-europe (19)
- # clojure-italy (3)
- # clojure-nl (3)
- # clojure-sg (1)
- # clojure-spec (3)
- # clojure-uk (6)
- # clojurescript (21)
- # copenhagen-clojurians (1)
- # cryogen (3)
- # cursive (9)
- # datahike (3)
- # datomic (5)
- # emacs (8)
- # graphql (4)
- # introduce-yourself (3)
- # jobs (2)
- # malli (1)
- # meander (8)
- # nrepl (3)
- # off-topic (8)
- # om-next (2)
- # pathom (11)
- # rdf (5)
- # reagent (59)
- # remote-jobs (4)
- # shadow-cljs (8)
- # tools-build (23)
- # vim (16)
I'm trying to understand how to manually verify a JWT from its jwks public key properties I have a ~/.well-known/jwks.json that looki like
{"alg":"RS256",
"e":"AQAB",
"kid":"nIkH2Qf4xgTHg5Tyr8kb6EbrACIbzdbjjKjsIgThxAk=",
"kty":"RSA",
"n":"twLD4PL2Dk0SB1kpv34Vkv7ChT78idsbbu08bzzn0e3hCxehKPB3K8X_0aL99lxpgRDzUjuFYYeOTlzcHQUdb5L9E68Ktd_H8nxvLC1oqTkTyUp6xgbdiKh6OGg3AVE65lensfDeAn_BpR7TTnffeTBIVrI2KD8Vyt2CnfPKNfwSblHKtfNKm-o0Rb_IiGzdAutbedACToEkmsfnQ_AaMqHiY7XBuZ12qR04lbKGqWEol5PHKFquXtw7Nrs7CaXx0RqDesKHuRIC-FXGNs8jzfRzv2nNUAbG__jjsqlwlr-6OUSaHpuIf0hWJOG3mzc_6QAaB_TiIQuL2TmMEV_lew",
"use":"sig"},
and I am trying to plug those key properties into
(com.auth0.jwt.JWT/require
(com.auth0.jwt.algorithms.Algorithm/RSA256
(.generatePublic (KeyFactory/getInstance "RSA")
(RSAPublicKeySpec.
(biginteger (.decode (java.util.Base64/getUrlDecoder) n))
(biginteger (.decode (Base64/getUrlDecoder) e)))) nil))
but the modulus is coming out negative
(and it is supposed to be a Base64urlUInt
putting an .abs on does not seem to help
tells me the signature is good, so what am I missing?
how do I decode a a jwks modulus into a positive BigInteger?oh theres an arity-2 BigInteger constructor
public BigInteger(int signum, byte[] magnitude, int off, int len) {
that was indeed my problem...
my next question is > is it possible to cajole the Cognito User Pool App signing key into signing my customized JWT?
I had a small hope that I could plug the > Cognito App Client Secret into an RSAPrivateKeySpec as the private Exponent but it does not does appear to work...
Ho Hum
I have concluded that it is not
my next question is > is it possible to cajole the Cognito User Pool App signing key into signing my customized JWT?