search

cloudfoundry / uaa

CloudFoundry User Account and Authentication (UAA) Server
Apache License 2.0
1.59k stars 827 forks source link

how do i verify a token #2694

Closed developer992 closed 9 months ago

developer992 commented 9 months ago

First of all i am developing an application for SAP cloud, is this documentation correct? SAP's XS UAA Service.

2nd) I've implemented oauth2 authorization code grant and have obtained the token

3) how do i verify it is correct? what if user logs out or revokes token, how do i know if it is still correct/valid ?

i have token keys that look like this

{"keys":[{"kty":"RSA","e":"AQAB","use":"sig","kid":"default-jwt-key--1718333794","alg":"RS256","value":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3bcpB83D8UiT73s/C3L\nIwOyvhLkWTGiG1zz6jnkQnZ/nuwAQ0HT0fTYtEO3xGMEMjeFkMwJTwFwfMfG9Chc\n31e2JQQRMcS50yJFqo4H3WNYphmBWUBT/Zg0MqOT7w1iarXlzkfT01/CpYB7y2ng\nIG9/8AHSOBr5kTGNAqCZ1YQnA2LGY87sbARW7NfTT0fVdOKCEz7R2wDnTEA/ympA\n+6gdc+LyXDc9YS80bw70tyJv1m1fTGZkhM/9eTdaDspoTI9gi8zuYvcP6HDqCCrZ\n5ITLLtIaK2jpddUSAB03GY0ZoGd4YjwYFQ+DnzXSj2D2QoIWWzOgGylp4iXFHWwM\nFwIDAQAB\n-----END PUBLIC KEY-----","n":"l3bcpB83D8UiT73s_C3LIwOyvhLkWTGiG1zz6jnkQnZ_nuwAQ0HT0fTYtEO3xGMEMjeFkMwJTwFwfMfG9Chc31e2JQQRMcS50yJFqo4H3WNYphmBWUBT_Zg0MqOT7w1iarXlzkfT01_CpYB7y2ngIG9_8AHSOBr5kTGNAqCZ1YQnA2LGY87sbARW7NfTT0fVdOKCEz7R2wDnTEA_ympA-6gdc-LyXDc9YS80bw70tyJv1m1fTGZkhM_9eTdaDspoTI9gi8zuYvcP6HDqCCrZ5ITLLtIaK2jpddUSAB03GY0ZoGd4YjwYFQ-DnzXSj2D2QoIWWzOgGylp4iXFHWwMFw"}]}

how do i decode the token using this info, same as https://jwt.io/#encoded-jwt this website does ...

jwt.io is a client side app that is able to fully decode my token without even knowing what uaa service it came from or having public key ... so how do i do the same?

thanks!

cf-gitbot commented 9 months ago

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/186934455

The labels on this github issue will be updated when the story is started.

strehle commented 9 months ago

Hi, in case of XS UAA you should follow https://github.com/SAP/cloud-security-services-integration-library

developer992 commented 9 months ago

they don0t even have docs ... issues, or discussions

wtf man this sap is piece of shit

strehle commented 9 months ago

they don0t even have docs ... issues, or discussions

wtf man this sap is piece of shit

please keep your words friendly. If you have questions to this component here you can use slack (see readme) because this issue application here is for problems you see with this code only.