nov / json-jwt

JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby
MIT License

Getting "public" properties from keys #48

Closed toupeira closed 6 years ago

toupeira commented 7 years ago

See related discussion at https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/34, we're not sure which key properties we can expose for the JWKS response for key algorithms other than RSA.

It looks like JSON::JWK#normalize might already do this, is this indeed the case and would you accept a PR making that method public?

travisofthenorth commented 7 years ago

It might also be nice to make these public at the same time if possible: https://github.com/nov/json-jwt/blob/aa09a07e4b3939d7a9025ba9db97a861dc0c0817/lib/json/jwk.rb#L55-L65

nov commented 7 years ago

JSON::JWK#normalize is not for calculating the JWK of a public key from its paired private key. It is for JWK Thumbprint calculation, which is used for default kid calculation.

You can serialize public keys as below.

require 'openssl'
require 'json/jwt'

rsa_private_key = OpenSSL::PKey::RSA.generate(2048)
rsa_public_key = rsa_private_key.public_key

ec_private_key = OpenSSL::PKey::EC.generate('prime256v1')
ec_public_key = ec_private_key.dup.tap do |key|
  # NOTE: `ec_private_key.public_key` returns `OpenSSL::PKey::EC::Point`, not `OpenSSL::PKey::EC`
  # NOTE: with the openssl gem 3.x (OpenSSL 3) pkeys are immutable and `private_key=` raises;
  #       `OpenSSL::PKey::EC.new(ec_private_key.public_to_der)` yields the public-only key there
  key.private_key = nil
end

JSON::JWK.new(rsa_private_key) # NOTE: same with `rsa_private_key.to_jwk` (includes the private members)
JSON::JWK.new(rsa_public_key) # NOTE: same with `rsa_public_key.to_jwk` (public members only)

JSON::JWK.new(ec_private_key) # NOTE: same with `ec_private_key.to_jwk` (includes the private member d)
JSON::JWK.new(ec_public_key) # NOTE: same with `ec_public_key.to_jwk` (public members only)

Plus, you generally won't use a shared-key JWK (it's not public, so you can't publish it via jwks_url).

However, if you really want JWK-formatted shared key, you can do so.

shared_key = 'placeholder-shared-secret' # a String is treated as an oct (symmetric) key
JSON::JWK.new(shared_key)
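The public/private split described in the comment above, written out with only Ruby's openssl stdlib as an added example (this is not code from the issue or from json-jwt): it emits the public members of RSA and EC keys, derives a kid from the RFC 7638 thumbprint (the calculation nov says JSON::JWK#normalize exists for), refuses oct keys from the JWKS, and checks that no private member leaks into the published document. The helper names (public_jwk, jwk_thumbprint, build_jwks) and the sample keys are assumptions for illustration.

```ruby
require 'openssl'
require 'json'

# Assumed helper names for illustration; none of these are json-jwt's API.

# base64url without padding (RFC 7515 section 2), built from pack to avoid the base64 gem
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# OpenSSL curve names mapped to the JWA "crv" values (RFC 7518 section 6.2.1.1)
CURVE_NAMES = { 'prime256v1' => 'P-256', 'secp384r1' => 'P-384', 'secp521r1' => 'P-521' }.freeze

# JWK members that must never appear in a published key set
PRIVATE_MEMBERS = %w[d p q dp dq qi k].freeze

# Public-only JWK for an RSA or EC key. Only n/e (RSA) or crv/x/y (EC) are read,
# so the result is identical whether a private or a public key is passed in.
def public_jwk(key)
  case key
  when OpenSSL::PKey::RSA
    { 'kty' => 'RSA', 'n' => b64url(key.n.to_s(2)), 'e' => b64url(key.e.to_s(2)) }
  when OpenSSL::PKey::EC
    crv = CURVE_NAMES.fetch(key.group.curve_name)
    # uncompressed SEC1 point encoding: 0x04 || X || Y, both coordinates the field size in bytes
    octets = key.public_key.to_bn.to_s(2)
    raise ArgumentError, 'expected an uncompressed EC point' unless octets.getbyte(0) == 4
    coord_len = (octets.bytesize - 1) / 2
    { 'kty' => 'EC', 'crv' => crv,
      'x' => b64url(octets.byteslice(1, coord_len)),
      'y' => b64url(octets.byteslice(1 + coord_len, coord_len)) }
  else
    raise ArgumentError, "cannot publish a #{key.class}"
  end
end

# RFC 7638 thumbprint: the required members only, in lexicographic order,
# serialised without whitespace, then SHA-256. Extra members such as kid/use/alg do not affect it.
def jwk_thumbprint(jwk)
  required = case jwk['kty']
             when 'RSA' then %w[e kty n]
             when 'EC'  then %w[crv kty x y]
             when 'oct' then %w[k kty]
             else raise ArgumentError, "unknown kty #{jwk['kty'].inspect}"
             end
  canonical = JSON.generate(required.map { |m| [m, jwk.fetch(m)] }.to_h)
  b64url(OpenSSL::Digest::SHA256.digest(canonical))
end

# Build the JWKS document for a jwks_uri. Symmetric (oct) keys are refused outright,
# and the output is re-checked for private members before it is returned.
def build_jwks(keys)
  published = keys.map do |key|
    raise ArgumentError, 'oct (shared) keys must not be published' if key.is_a?(String)
    jwk = public_jwk(key)
    leaked = jwk.keys & PRIVATE_MEMBERS
    raise "private member(s) #{leaked.join(', ')} would be published" unless leaked.empty?
    jwk.merge('kid' => jwk_thumbprint(jwk), 'use' => 'sig')
  end
  { 'keys' => published }
end

if $PROGRAM_NAME == __FILE__
  # constructed sample keys; a real provider would load its signing keys instead
  rsa_key = OpenSSL::PKey::RSA.generate(2048)
  ec_key  = OpenSSL::PKey::EC.generate('prime256v1')
  puts JSON.pretty_generate(build_jwks([rsa_key, ec_key]))
end
```

Because the kid is derived from the public members alone, the same kid comes out whether the provider computes it from its private key or a relying party recomputes it from the fetched public JWK, which is what makes the thumbprint usable as a stable default kid.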

toupeira commented 7 years ago

@nov thanks for the clarification! Do you mean :oct keys by "shared key"? I'm thinking we can leave it in to support OIC providers in private networks with trusted clients.