#funcool
2018-09-14
mitchelkuijpers06:09:54

Hi, I am trying to use buddy to validate tokens from Amazon Cognito, but they use JWK. Has anyone else attempted this before?

mitchelkuijpers06:09:33

It basically means you have to get a public key from an endpoint and then use that to unsign the JWT token, but I am not quite sure how. I found this to get the public key:

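(import '(java.math BigInteger)
        '(java.security KeyFactory)
        '(java.security.spec RSAPublicKeySpec)
        '(java.util Base64))

(defn- b64url->bigint
  "Decodes a base64url-encoded JWK field into a positive BigInteger."
  [^String s]
  ;; JWK encodes :n and :e as unpadded base64url, big-endian and unsigned.
  ;; Signum 1 stops a set high bit from being read as a negative number.
  (BigInteger. 1 (.decode (Base64/getUrlDecoder) s)))

(defn jwk->public-key
  "Builds an RSA PublicKey from a JWK map with :kty, :n and :e.
  Returns a falsey value if the key is not RSA or a field is missing."
  [jwk]
  (let [kty (get jwk :kty)
        n   (some-> (get jwk :n) b64url->bigint)
        e   (some-> (get jwk :e) b64url->bigint)]
    ;; RSAPublicKeySpec only fits RSA keys, so reject any other key type
    (and (= "RSA" kty) n e
         (->> (RSAPublicKeySpec. n e)
              (.generatePublic (KeyFactory/getInstance "RSA"))))))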

mitchelkuijpers06:09:55

Oh, it seems there is some support, but I need to upgrade buddy. Sorry for the noise.