Closed Bryson14 closed 3 weeks ago
Some options that maybe I could get some guidance on are:
TokenClaim
By adding an audience and allowing for insecure signature validation, I got it to work and pass the test, which is a start but not the solution.
```rust
let decoding = &DecodingKey::from_rsa_der(secret);
let mut validation = Validation::new(Algorithm::RS256);
validation.set_audience(&["my-app-id"]);
validation.insecure_disable_signature_validation();
validation.validate_exp = false;
```
I'm still leery of whether this `DecodingKey::from_rsa_der()` is the right way to go.
SOLVED: The issue here is that a .crt is not a .pem file. It can be converted, however,
The issue here seems to be that the DecodingKey expects a key. RSA public keys usually look like this:
```
-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----
```
The certificate here is, very simplified, a "wrapper" over the public key. With the openssl tool you can extract it. The command for this looks like this:

```
openssl x509 -pubkey -noout -in cert.pem > pubkey.pem
```

After converting it to a formatted .pem file, the `::from_rsa_pem()` should work.
I am working with a company IdP that creates a JWT token we can authenticate with. They are using RS256 and give out the public certificate key in the form of a .crt file in order to validate the keys from them.
The .crt file looks like this:
From my best knowledge, this is in PEM form and I'm saving that .crt to a .pem.
I've verified that the token and the public key do work using the jwt.io website.
I've been stuck for a few days now and this seems mind-numbing! haha
Here is what I've tried using this test function:
For the from_rsa_der, I have this error printout from the test run:
Here is a redacted screenshot from jwt.io:

![token](https://github.com/Keats/jsonwebtoken/assets/43580701/46e884ac-2d34-40c7-b024-2f268b5c169f)

What am I doing wrong? I've been reading the readme but must be missing something.
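The fix described above (extract the public key from the certificate, then verify against that key), as an added example that is not part of the original issue or the jsonwebtoken project: it builds a constructed self-signed certificate and RS256 token with openssl, applies the extraction command from the thread, and checks the signature with signature validation left on. The function names, file names and claim values are assumptions made for the illustration.

```shell
# Constructed fixtures only: throwaway key, self-signed cert and token (not the IdP's).
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

b64url_decode() (
  s=$(tr '_-' '/+')                                   # back to the standard alphabet
  while [ $(( ${#s} % 4 )) -ne 0 ]; do s="$s="; done  # restore stripped padding
  printf '%s\n' "$s" | openssl base64 -d -A
)

# pem_label FILE: label of the first PEM block (CERTIFICATE, PUBLIC KEY, ...)
pem_label() { sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1; }

# make_fixture DIR: idp.crt stands in for the IdP's .crt, token.jwt for its token
make_fixture() (
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-idp" \
    -keyout "$1/idp.key" -out "$1/idp.crt" 2>/dev/null || exit 1
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  p=$(printf '%s' '{"aud":"my-app-id","sub":"constructed"}' | b64url)
  # RS256 = RSA PKCS#1 v1.5 over SHA-256 of "<header>.<payload>"
  s=$(printf '%s' "$h.$p" | openssl dgst -sha256 -sign "$1/idp.key" | b64url)
  printf '%s.%s.%s' "$h" "$p" "$s" > "$1/token.jwt"
)

# verify_rs256 PUBKEY_PEM TOKEN_FILE: exit 0 only if the signature verifies
verify_rs256() (
  tok=$(cat "$2"); sig=$(mktemp)
  printf '%s' "${tok##*.}" | b64url_decode > "$sig"
  printf '%s' "${tok%.*}" |
    openssl dgst -sha256 -verify "$1" -signature "$sig" >/dev/null 2>&1
  rc=$?; rm -f "$sig"; exit "$rc"
)

d=$(mktemp -d)
make_fixture "$d"
openssl x509 -pubkey -noout -in "$d/idp.crt" > "$d/pubkey.pem"  # command from the thread
echo "idp.crt label:    $(pem_label "$d/idp.crt")"
echo "pubkey.pem label: $(pem_label "$d/pubkey.pem")"
verify_rs256 "$d/pubkey.pem" "$d/token.jwt" && echo "signature verifies"
```

Checking the PEM label before handing a file to a key loader makes the certificate-versus-key mix-up visible immediately, without turning off signature validation to get a test to pass.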