...
Note: we can also call this using https with some small modifications.
Client authentication with signed JWT with client secret
This is similar to the option above except we sign with the client secret instead of the private key.
...
To use the JWKS option we need to create a jwks from our private key or public key.
The following code performs this operation:
...
Code Block | ||||
---|---|---|---|---|
| ||||
package main import ( "crypto/rsa" "crypto/x509" "encoding/base64" "encoding/json" "encoding/pem" "flag" "fmt" "golang.org/x/crypto/ssh" "io/ioutil" "math/big" ) type Jwks struct { Keys []Key `json:"keys"` } type Key struct { Kid string `json:"kid"` Kty string `json:"kty"` Use string `json:"use"` N string `json:"n"` E string `json:"e"` } var privateKeyFile keyFile string var keyType string func maingetKeyFromPrivate(key []byte) { flag.StringVar(&privateKeyFile, "keyfile", "/mnt/c/Users/ktimoney/keycloak-certs/client.key", "Location of private key file") (*rsa.PublicKey){ prvKeyparsed, err := ioutilssh.ReadFile("/mnt/c/Users/ktimoney/keycloak-certs/client.key"ParseRawPrivateKey(key) if err != nil { fmt.Println(err) } parsed, err := ssh.ParseRawPrivateKey(prvKey)// Convert back to an *rsa.PrivateKey ifprivateKey err != nil {:= parsed.(*rsa.PrivateKey) publicKey fmt.Println(err):= &privateKey.PublicKey return publicKey } func getKeyFromPublic(key []byte) (*rsa.PublicKey){ pubPem, _ := pem.Decode(key) parsed, err := x509.ParsePKIXPublicKey(pubPem.Bytes) if err != nil { fmt.Println("Unable to parse RSA public key", err) } // Convert back to an *rsa.PrivateKey privateKeypublicKey := parsed.(*rsa.PrivateKeyPublicKey) return publicKey := &privateKey.PublicKey } func main() { flag.StringVar(&keyFile, "keyFile", "/mnt/c/Users/ktimoney/keycloak-certs/client_pub.key", "Location of key file") flag.StringVar(&keyType, "keyType", "public", "Type of key file") flag.Parse() key, err := ioutil.ReadFile(keyFile) if err != nil { fmt.Println(err) } var publicKey *rsa.PublicKey if keyType == "public" { publicKey = getKeyFromPublic(key) }else{ publicKey = getKeyFromPrivate(key) } jwksKey := Key{ "something", "RSA", "sig", base64.RawStdEncoding.EncodeToString(publicKey.N.Bytes()), base64.RawStdEncoding.EncodeToString(big.NewInt(int64(publicKey.E)).Bytes()), } jwksKeys := []Key{jwksKey} jwks := Jwks{jwksKeys} jwksJson, err := json.Marshal(jwks) if err != nil { fmt.Println(err) return } fmt.Println(string(jwksJson)) } |
...