yourkarma / JWT

A JSON Web Token implementation in Objective-C.
MIT License

Add support for JWK #173

Open elenatorroglosa opened 6 years ago

elenatorroglosa commented 6 years ago

New Issue Checklist

Issue Info

Info Value
Platform Name ios
Platform Version 8.0
Integration Method cocoapods
JWT Version 3.0.0-beta.7
Xcode Version Xcode 9.0

Issue Description and Steps

I would sincerely appreciate having support for the JWK format to use as input to the decoding and validation function with RS256. Do you have the foresight to include this function in the library? Meanwhile, is there any way or shortcut to dynamically convert from JWK to PEM, which is the format currently supported by the library? Thank you very much in advance.

lolgear commented 6 years ago

@elenatorroglosa Hi! Well, I could add a milestone for that. I suppose that a possible solution for JWK support in the current version is a custom JWTStringCoder__Protocol object.

NSString *jwkSecretInsideObject = @"{/*jwk*/}";
id<JWTAlgorithmDataHolderProtocol> holder = [JWTAlgorithmRSFamilyDataHolder new].stringCoder([JWKStringCoder new]).secret(jwkSecretInsideObject).algorithmName(@"RS256");

Inside the string coder you could extract the necessary items and convert the keys from base64 format into bytes.

Alternatively, you could use the JWTCryptoKey API to convert public and private keys from base64-formatted strings into raw Security framework keys.

@protocol JWTCryptoKey__Generator__Protocol
- (instancetype)initWithBase64String:(NSString *)base64String parameters:(NSDictionary *)parameters error:(NSError *__autoreleasing*)error;
@end

So, extract keys from JWK.

NSDictionary *jwk = [/*json to dictionary*/];
// extract keys
NSString *publicKey = /*extract from JWK dictionary*/;
NSString *privateKey = /*extract from JWK dictionary*/;

// and put them into appropriate key.
// pass nil parameters
NSDictionary *parameters = nil;
NSError *theError = nil;
NSError **error = &theError;
id publicJWTKey = [[JWTCryptoKeyPublic alloc] initWithBase64String:publicKey parameters:parameters error:error];
id privateJWTKey = [[JWTCryptoKeyPrivate alloc] initWithBase64String:privateKey parameters:parameters error:error];

And set them as verifyKey() or signKey() (the fluent API of JWTDataHolder for RSFamily).
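
The JWK-to-PEM conversion asked about above, as an added example that is not code from this thread or from the JWT library: it builds a SubjectPublicKeyInfo PEM from the `n` and `e` members of an RSA JWK (RFC 7517/7518) using Foundation only. The function names are hypothetical, and that the library's PEM input accepts this "BEGIN PUBLIC KEY" form is an assumption to check against the version in use.

```objc
#import <Foundation/Foundation.h>

// base64url without padding (JWK member encoding) -> bytes; nil if malformed.
static NSData *B64URLDecode(NSString *s) {
    NSString *b = [[s stringByReplacingOccurrencesOfString:@"-" withString:@"+"]
                      stringByReplacingOccurrencesOfString:@"_" withString:@"/"];
    b = [b stringByPaddingToLength:(b.length + 3) / 4 * 4 withString:@"=" startingAtIndex:0];
    return [[NSData alloc] initWithBase64EncodedString:b options:0];
}
// One DER TLV: tag, definite length (short or long form), then body.
static NSData *DERWrap(uint8_t tag, NSData *body) {
    NSUInteger len = body.length, n = 1, k = 0;
    uint8_t hdr[2 + sizeof len] = {tag};
    if (len < 0x80) hdr[n++] = (uint8_t)len;          // short form
    else {                                            // long form: 0x80|count, big-endian length
        for (NSUInteger v = len; v; v >>= 8) k++;
        hdr[n++] = 0x80 | (uint8_t)k;
        while (k--) hdr[n++] = (uint8_t)(len >> (8 * k));
    }
    NSMutableData *out = [NSMutableData dataWithBytes:hdr length:n];
    [out appendData:body];
    return out;
}
// DER INTEGER from an unsigned big-endian value (caller guarantees length > 0).
static NSData *DERUInt(NSData *be) {
    const uint8_t *p = be.bytes;
    NSUInteger n = be.length, i = 0;
    while (i + 1 < n && p[i] == 0) i++;               // drop redundant leading zeros
    NSMutableData *v = [NSMutableData dataWithLength:(p[i] & 0x80) ? 1 : 0]; // 0x00 keeps it positive
    [v appendBytes:p + i length:n - i];
    return DERWrap(0x02, v);
}
// RSA JWK (members kty, n, e) -> SubjectPublicKeyInfo PEM; nil on bad input.
NSString *JWKRSAPublicKeyToPEM(NSDictionary *jwk) {
    NSString *n64 = jwk[@"n"], *e64 = jwk[@"e"];
    if (![jwk[@"kty"] isEqual:@"RSA"] || ![n64 isKindOfClass:NSString.class] || ![e64 isKindOfClass:NSString.class]) return nil;
    NSData *n = B64URLDecode(n64), *e = B64URLDecode(e64);
    if (n.length == 0 || e.length == 0) return nil;
    NSMutableData *rsaKey = [DERUInt(n) mutableCopy];        // RSAPublicKey ::= SEQUENCE { n, e }
    [rsaKey appendData:DERUInt(e)];
    NSMutableData *bits = [NSMutableData dataWithLength:1];  // BIT STRING, 0 unused bits
    [bits appendData:DERWrap(0x30, rsaKey)];
    static const uint8_t alg[] = {0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00};
    NSMutableData *spki = [NSMutableData dataWithBytes:alg length:sizeof alg]; // AlgorithmIdentifier: rsaEncryption, NULL
    [spki appendData:DERWrap(0x03, bits)];
    NSString *b64 = [DERWrap(0x30, spki) base64EncodedStringWithOptions:
                     NSDataBase64Encoding64CharacterLineLength | NSDataBase64EncodingEndLineWithLineFeed];
    return [NSString stringWithFormat:@"-----BEGIN PUBLIC KEY-----\n%@\n-----END PUBLIC KEY-----\n", b64];
}
```

Take the JWK from a key set you already trust, not from the token being verified, and keep the algorithm fixed to RS256 on the verifying side rather than reading it from the token header.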