I am working with OpenID Connect in my application. I got the JWT token correctly from Google and I need to validate it using the signature. To achieve this I need the public key; Google provides a URL which contains all its public certificates.
https://www.googleapis.com/oauth2/v3/certs
but it returns this:
{
  "keys": [
    {
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "kid": "f86c80f329b3ac69232463382fc1644167211d23",
      "n": "wItpB2JpNKNgBM-xjgFbMGLYySu0SvaSA8Ag_MpqWrlWOvWvd3JQFrNKdw1nCGrGSczP6FdCRptogSEO51UB3n1h2quH-YW3NPGt0JGqXdRARJ1I1cOVq3dvrPaZhtDcEQCBAdqEmix_ngQM5vD1t8J22JO_v_JzJlTkzfYu5dPeSoXZymtgGeofdu38L1y-FlFqD09p6IP6Fxza22cv3ST3Dsw3eQ1yzGi5YuO0scTpds0jqPAslddclo22zapqB1_6qplwunpT3qAuObYR5Xn3gPseyQiwDtIk7MpEkb_AA_r4bpUGIh9-1SX3ev8urVZJ1Sg1Y_Rr-u7oQO9pdQ",
      "e": "AQAB"
    }
  ]
}
What does this mean? Where is the public key or the certificate here?
Thanks for your help!
What is a JWKS endpoint? The JSON Web Key Set (JWKS) endpoint is a read-only endpoint that contains the public keys' information in the JWKS format. The public keys are the counterparts of the private keys which are used to sign the tokens.
The JSON Web Key Set (JWKS) is a set of keys containing the public keys that should be used to verify any JSON Web Token (JWT) that is issued by an authorization server and signed using the RSA or ECDSA algorithms.
This looks like a JSON Web Key Set containing a description for an RSA public signing key. Parameters e and n for such keys are in turn described in JSON Web Algorithms.
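As an added example (not part of the answer above), this is what a verifier does with those two parameters: decode the base64url `n` and `e` from the JWKS into an RSA public key, pick the key whose `kid` matches the token header, and check the RS256 (RSASSA-PKCS1-v1_5 with SHA-256) signature with only the Python standard library. The `sign_rs256` helper, the `kid` value and any key pair used with it are constructed for testing; a real verifier would also check `iss`, `aud` and `exp`.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017 section 9.2, note 1)
_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s: str) -> bytes:
    """JWK and JWS fields are base64url without '=' padding (RFC 7515 appendix C)."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def jwk_to_rsa_public(jwk: dict) -> tuple:
    """Return (n, e); both are big-endian unsigned integers (RFC 7518 section 6.3.1)."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    return (int.from_bytes(b64url_decode(jwk["n"]), "big"),
            int.from_bytes(b64url_decode(jwk["e"]), "big"))

def _emsa_pkcs1_v15(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo (RFC 8017 section 9.2)."""
    t = _SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token: str, jwks: dict) -> dict:
    """Verify a compact JWS signed with RS256 against a JWKS; return the payload."""
    h_b64, p_b64, s_b64 = token.split(".")
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # pin the algorithm; never accept the header's choice blindly
        raise ValueError("unexpected alg")
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")
                and j.get("use", "sig") == "sig"), None)
    if key is None:
        raise ValueError("no signing key with matching kid")
    n, e = jwk_to_rsa_public(key)
    k = (n.bit_length() + 7) // 8          # modulus length in bytes
    sig = b64url_decode(s_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("malformed signature")
    em = pow(s, e, n).to_bytes(k, "big")   # RSAVP1: recover the encoded message
    if not hmac.compare_digest(em, _emsa_pkcs1_v15(f"{h_b64}.{p_b64}".encode(), k)):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(p_b64))

def sign_rs256(payload: dict, kid: str, n: int, d: int) -> str:
    """Constructed helper: sign with private exponent d to build a test token."""
    h_b64 = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}).encode())
    p_b64 = b64url_encode(json.dumps(payload).encode())
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(_emsa_pkcs1_v15(f"{h_b64}.{p_b64}".encode(), k), "big")
    return f"{h_b64}.{p_b64}.{b64url_encode(pow(m, d, n).to_bytes(k, 'big'))}"
```

Run against Google's live JWKS, the `kid` lookup is what lets the verifier follow key rotation without hard-coding a certificate.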
In addition to Pieter's answer, you can find the PEM X.509 certificate representation of those RSA keys here: https://www.googleapis.com/oauth2/v1/certs