ruby-jwt

Documentation for using a key finder with JWT.decode

Open ghost opened this issue 8 years ago • 4 comments

I'm looking for documentation on using the key finder code block for the JWT.decode method. Is there any?

ghost avatar Jun 22 '17 22:06 ghost

There is currently no documentation on this topic.

excpt avatar Jun 24 '17 23:06 excpt

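require 'jwt'
require 'json'
require 'net/http'
require 'openssl'

# Strip the leading "Bearer " prefix from the Authorization header.
bearer = env.fetch('HTTP_AUTHORIZATION', '').slice(7..-1)
options = {
  algorithm: 'RS256',
  # verify_aud / verify_iss are booleans; the expected values go in aud / iss.
  aud: ENV['FIREBASE_PROJECT_ID'],
  verify_aud: true,
  iss: "https://securetoken.google.com/#{ENV['FIREBASE_PROJECT_ID']}",
  verify_iss: true
}
# The key finder block receives the token header and returns the verification key.
JWT.decode(bearer, nil, true, options) do |header|
  url = URI('https://www.googleapis.com/robot/v1/metadata/x509/[email protected]')
  json = JSON.parse(Net::HTTP.get(url))
  OpenSSL::X509::Certificate.new(json[header['kid']]).public_key
end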

minakov avatar Feb 07 '18 14:02 minakov

@minakov Are you sure that should end with .public_key? In my case I had to end with OpenSSL::PKey::EC.new(pem) instead of OpenSSL::PKey::EC.new(pem).public_key (using ES256 instead of RS256).

When I add .public_key I get: NoMethodError: undefined method `dsa_verify_asn1' for #<OpenSSL::PKey::EC::Point:0x007f8625153d50>

jhmartin avatar Jun 12 '18 18:06 jhmartin

@jhmartin You should use OpenSSL::X509::Certificate.new(json[header['kid']]).keypair instead.
It returns an OpenSSL::PKey::EC, which has the dsa_verify_asn1 method.

kazzix14 avatar Aug 15 '22 14:08 kazzix14