amosproj / amos2022ss08-openid-connect-doctor

Tool for the creation of OpenID Connect configurations
MIT License

Validate Signature #11

Open AnnaBilo opened 2 years ago

AnnaBilo commented 2 years ago

User Story

  1. As a user
  2. I want to be able to validate a signature
  3. So that I can confirm its validity

Acceptance Criteria

  • Validate the signature of a token, provided a public key
  • Extract the algorithm used to sign the token
  • Given a signature function and a token, the validity of a token is confirmed

mindtheme commented 2 years ago

The public keys of an identity provider are accessible over their jwks_uri

mindtheme commented 2 years ago

https://www.npmjs.com/package/jsonwebtoken (used by the customer)

skriesch commented 2 years ago

I have created our development branch for this task and have added the jsonwebtoken library.

skriesch commented 2 years ago

I'll see that I can use jwt.verify for the verification: https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback

skriesch commented 2 years ago

Philip implemented and added the validation of the token (incl. the signature) last week with https://github.com/amosproj/amos2022ss08-openid-connect-doctor/commit/e32b4656524d70f03e01a5330625813a535b5413

@RumiAust Should we add an output of the validation to the frontend to complete this task? That would complete the acceptance criterion "the validity of a token is confirmed".

RumiAust commented 2 years ago

@skriesch I think in the front end we just need to show a confirmation message of signature validity.
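
The three acceptance criteria above, sketched as an added example that is not part of this thread or of the project's commit: it extracts `alg` from the token header, refuses anything outside an RSA allow-list (so `none` or an HMAC algorithm cannot be selected by the token itself), and verifies the signature against a public key. It uses Node's built-in `crypto` instead of `jsonwebtoken` so it runs without dependencies; the function names, the key pair, and the sample token are constructed for illustration.

```javascript
// Added example: not code from the openid-connect-doctor repository.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// JWS "alg" values this example accepts, mapped to Node digest names.
const ALLOWED = { RS256: 'sha256', RS384: 'sha384', RS512: 'sha512' };

// Read the algorithm from the (still untrusted) token header.
function extractAlg(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  return header.alg;
}

// Returns { valid, alg, reason }. The header's alg is honoured only if it is
// on the allow-list, so "none" and HMAC algorithms are rejected up front.
function validateSignature(token, publicKey, allowedAlgs = Object.keys(ALLOWED)) {
  let alg;
  try {
    alg = extractAlg(token);
  } catch (e) {
    return { valid: false, alg: null, reason: e.message };
  }
  if (!allowedAlgs.includes(alg) || !ALLOWED[alg]) {
    return { valid: false, alg, reason: 'algorithm not allowed' };
  }
  const [h, p, s] = token.split('.');
  const ok = crypto.verify(ALLOWED[alg], Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  return { valid: ok, alg, reason: ok ? 'signature ok' : 'signature mismatch' };
}

// Constructed test data: a throwaway key pair and an RS256 token signed locally.
function makeSampleToken(privateKey, claims) {
  const h = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  const s = crypto.sign('sha256', Buffer.from(`${h}.${p}`), privateKey);
  return `${h}.${p}.${s.toString('base64url')}`;
}

const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleToken = makeSampleToken(privateKey, { iss: 'https://idp.example', sub: 'alice' });
console.log(validateSignature(sampleToken, publicKey));
```

The `reason` field is what a frontend confirmation message could display; in a real deployment the public key would come from the identity provider's `jwks_uri` rather than a locally generated pair.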