Closed uramen closed 4 years ago
panva
commented
4 years ago id_token_encrypted_response_alg: <string>
id_token_encrypted_response_enc: <string>Also, depending on the JWA algorithms you use you might have to provide jwks argument to the constructor with your private keys in a JWKS format.
panva
commented
4 years ago Please consider supporting the library if it provides value to you or your company and this support was of help to you. Supporting the library means, amongst other things, that the library and such support will be available to you in the future.
uramen
commented
4 years ago Sorry for bothering you @panva but I'm stuck a little. I put JWK from the SIGNICAT platform as you said and got this:
my config now:
client = new googleIssuer.Client(
{
client_id: clientId,
client_secret: clientSecret,
redirect_uris: [redirectUrl],
response_types: ['code'],
id_token_encrypted_response_alg: 'RSA-OAEP',
id_token_encrypted_response_enc: 'A128CBC-HS256',
},
{
keys: [
{
kty: 'oct',
use: 'sig',
kid: 'any.oidc client secret.test.jwk.v.1',
k: <my secret key>,
alg: 'HS256',
},
],
}
);It seems that format is different, should I ask them for something like this:
{
"kty":"EC",
"crv":"P-256",
"x":"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
"y":"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
"d":"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE",
"use":"enc",
"kid":"1"
// https://tools.ietf.org/html/rfc7517
},Or I can change it by myself. I'm not good in such encrypting stuff sorry :( Thanks!
panva
commented
4 years ago RSA-OAEP means they're wrapping an encryption key (random CEK) using your RSA public key. Ergo, you should have a private key that corresponds with that already.
You should further consult your platform, not here.
Hello, I have some trouble with:
an error that I've received:
discovery URL: https://preprod.signicat.com/oidc/.well-known/openid-configuration
config:
Seems that I need something to encrypt. It will be great If somebody has some thoughts.