Exposing the Public Certificate via 'jwks_uri'

Question

What I'm trying to do is, running the Conformance Testing for OpenID Connect using the test suite provided is link [1]

The current requirement we have is, exposing the Public Certificate via jwks.json ('jwks_uri'). We followed the 'jwks_uri'[2] of 'Google OAuth2 cert' and designed following jwks.json file to expose the public certificate of our server.

{
 "keys": [
  {
   "kty": "RSA",
   "alg": "RS256",
   "use": "sig",
   "n": "94A7FA15D6F59CF3F4E4412880BD3A2EB0CCCE3386AC0768A5B6BD902A8CE78B969516EF35F0CA4E2D922BF0B3274F35A5949BEF680E510007696C409BFB8F058DB05ED21B1E51D3791E9C2F9C7FC35BC65C706BE4E7723A3ABABB84B0AFD591EDB8E0A8920873FC04EB8723EAF9092D31F5E7452E07ACA1894F3C5A09C53B39",
   "e": "65537"
  }
 ]
}

To get the modulus and the exponent values for the Public Key, I have followed post [3].

After doing all these, when running the test suite, the signature validation fails. What I feel is the "n" and "e" values we have set are not is proper encoding/encryption. Currently they are entered as hexadecimal. But this is not the format in google cert [2].

Do you know,

how to get the modulus and the exponent values for a Public Key, in proper format ?
what is the format of modulus and exponent values, that we need to set in 'jwks_uri' ?

[1] http://openid.net/certification/testing/ [2] https://www.googleapis.com/oauth2/v2/certs [3] RSA: Get exponent and modulus given a public key

n is obviously in hex, but e is almost certainly in decimal. — President James K. Polk, Nov 19 '15 at 00:37

score 0 · Answer 1 · answered Nov 15 '16 at 21:05

0

There is node library that will create this for you: https://github.com/dannycoates/pem-jwk.

If you have your public key, then you can run:

pem-jwk public.pem > public.jwk

answered Nov 15 '16 at 21:05

darick_c

309
1
2
7

Exposing the Public Certificate via 'jwks_uri'

1 Answers1