Skip to first unread message
Narath Carlile
Sep 22, 2017, 6:28:17 PM9/22/17
to Cerner FHIR Developers
Hi team,
I am confirming the id_token JWT by following the OpenIDConnect spec for verifying the JWT. I can find the jwks file, however it does not appear the public key as part of the hash, instead only returning the thumbprint. The fields returned for the RSA tokens are:
e:
kid: (the kid matching that in the id token)
kty: (always RSA)
n:
But no "x5c" that would have the public key I can use to verify the token. Is it an issue with the jwks file server, or am I missing something?
Thanks.
Michele Mottini
Sep 22, 2017, 6:54:08 PM9/22/17
to Cerner FHIR Developers
The public key is expressed as modulus ("n") and public exponent ("e") - see https://tools.ietf.org/html/rfc7517#appendix-A.1
- Michele
Narath Carlile
Sep 25, 2017, 4:01:21 PM9/25/17
to Cerner FHIR Developers
Thanks Michele, that worked!
Michael Y Kopinsky
Jun 2, 2022, 10:45:47 AM6/2/22
to Cerner FHIR Developers
Sorry to revive a 5 year old thread...
Some JWT libraries (specifically, auth0/auth0-PHP) seem to require an x5c to validate a JWT, and don't suffice with the n and e parameters.
Is there a recommended workaround for this, other than switching to a different JWT library? Is it possible to add the x5c to the JWKS response?
Thanks!
Reply all
Reply to author
Forward
0 new messages