Versions Compared

Old Version 149

changes.mady.by.user Kevin Timoney

Saved on

compared with

New Version 150

changes.mady.by.user Kevin Timoney

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note: we can also call this using https with some small modifications.


Client authentication with signed JWT with client secret

This is similar to the option above except we sign with the client secret instead of the private key. 

...

To use the JWKS option we need to create a jwks from our private key or public key.

The following code performs this operation:

...

Code Block
languagetext
titlePEM to JWKS
package main

import (
        "crypto/rsa"
        "crypto/x509"
        "encoding/base64"
        "encoding/json"
        "encoding/pem"
        "flag"
        "fmt"
        "golang.org/x/crypto/ssh"
        "io/ioutil"
        "math/big"
)

type Jwks struct {
        Keys []Key `json:"keys"`
}
type Key struct {
        Kid string `json:"kid"`
        Kty string `json:"kty"`
        Use string `json:"use"`
        N   string `json:"n"`
        E   string `json:"e"`
}

var privateKeyFile keyFile string
var keyType string

func maingetKeyFromPrivate(key []byte) {
        flag.StringVar(&privateKeyFile, "keyfile", "/mnt/c/Users/ktimoney/keycloak-certs/client.key", "Location of private key file")

(*rsa.PublicKey){
        prvKeyparsed, err := ioutilssh.ReadFile("/mnt/c/Users/ktimoney/keycloak-certs/client.key"ParseRawPrivateKey(key)
        if err != nil {
                fmt.Println(err)
        }

        parsed, err := ssh.ParseRawPrivateKey(prvKey)// Convert back to an *rsa.PrivateKey
        ifprivateKey err != nil {:= parsed.(*rsa.PrivateKey)

        publicKey        fmt.Println(err):= &privateKey.PublicKey
        return publicKey
}

func getKeyFromPublic(key []byte) (*rsa.PublicKey){
        pubPem, _ := pem.Decode(key)

        parsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes)
        if err != nil {
                fmt.Println("Unable to parse RSA public key", err)
        }

        // Convert back to an *rsa.PrivateKey
        privateKeypublicKey := parsed.(*rsa.PrivateKeyPublicKey)

        return publicKey := &privateKey.PublicKey
}

func main() {
        flag.StringVar(&keyFile, "keyFile", "/mnt/c/Users/ktimoney/keycloak-certs/client_pub.key", "Location of key file")
        flag.StringVar(&keyType, "keyType", "public", "Type of key file")
        flag.Parse()

        key, err := ioutil.ReadFile(keyFile)
        if err != nil {
                fmt.Println(err)
        }

        var publicKey *rsa.PublicKey

        if keyType == "public" {
           publicKey = getKeyFromPublic(key)
        }else{
           publicKey = getKeyFromPrivate(key)
        }

        jwksKey := Key{
                "something",
                "RSA",
                "sig",
                base64.RawStdEncoding.EncodeToString(publicKey.N.Bytes()),
                base64.RawStdEncoding.EncodeToString(big.NewInt(int64(publicKey.E)).Bytes()),
        }
        jwksKeys := []Key{jwksKey}
        jwks := Jwks{jwksKeys}

        jwksJson, err := json.Marshal(jwks)
        if err != nil {
                fmt.Println(err)
                return
        }
        fmt.Println(string(jwksJson))

}

...