Closed dunkboy closed 6 years ago
There's no such class called JwkStore on this SDK.
OK, I want to know about `Algorithm algorithm = Algorithm.RSA256(keyProvider)`: does the keyProvider mean one PrivateKey to many PublicKeys? Do they change dynamically?
If I understand correctly, you want to implement the `KeyProvider` interface. In there you need to override all 3 methods:

- `getPublicKeyById(keyId)`: Provides a public key to verify, using `JWT.require(algorithm)`, an already signed token that has the given `kid` value on the header
- `getPrivateKey()`: Provides a private key used to sign a token you are creating with `JWT.create()`
- `getPrivateKeyId()`: Provides the `kid` value to include in the header of that signed token ☝️ More here.

If you are always signing the token with the same private key on your server side, then your `getPublicKeyById` method will always return the same public key (you definitely still want to check the `kid` before handling that key instance).

How you read / create those keys is up to you and it's outside of this library's scope.
I understand, thanks to you anyway.
What should happen if the `get()` method in the JWKS library throws an exception? The only option inside `getPublicKeyById()` is to return `null`, which will result in an `IllegalStateException` being thrown. Perhaps there should be something like a `KeyProviderException` that the methods of `KeyProvider` could throw?
@martinoconnor Indeed, there's a lack of exception handling on the current interface definition. I think we can change the signature adding a `RuntimeException` without breaking people by making it throw a `RuntimeException` subclass. `KeyProviderException` sounds good.
There is no need to make it a `RuntimeException`, since existing implementations will not need to be modified to throw said exception. It could extend `JWTVerificationException` so that existing logic could handle it. This would seem like the most backwards compatible and elegant change you could make here.
Hello, what does JwkStore do? I cannot find the class JwkStore in the JWT jar.