THALES GROUP LIMITED DISTRIBUTION to email recipients
Hello again,
I added the typ but it doesn't work.
Normally the alg value should be RS256 or RS384 (my try) and not RSA256 or
RSA384 according to the spec.
But I will try anyway with RSA384 instead of RS384 but I have some doubts that
it could work.
More I have a look at the AlgorithmIdentifiers.java from this library and there
is no RSA stuff in there.
Even more the JWT library included in TomEE 9.1.2 is the same than the one I
use to generate my signed JWT.
The doubt I have is confirmed, I can't compile my source code with this line :
JsonWebSignature jws = new JsonWebSignature();
...
jws.setAlgorithmHeaderValue("RSA256"); or
jws.setAlgorithmHeaderValue("RSA384");
I am only allowed to do this:
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); //
AlgorithmIdentifiers.RSA_USING_SHA256 is RS256
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA384); //
AlgorithmIdentifiers.RSA_USING_SHA384 is RS384
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA512); //
AlgorithmIdentifiers.RSA_USING_SHA512 is RS512
Best Regards.
-----Original Message-----
From: Tichov Zoltán <[email protected]>
Sent: jeudi 4 avril 2024 11:48
To: [email protected]
Subject: Re: JWT issue TomEE 9.1.2 micro-profile flavor
Hi Francois!
I think that the "alg" : "RSA256" is more important in the token header than
the "type".
Best regards:
Zoltán
2024. 04. 04. 11:42 keltezéssel, COURTAULT Francois írta:
>
> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello Zoltan,
>
> I don't know why I have written Victor in my previous post ☹
>
> Sorry about that.
>
> Your point is that typ field is missing in my signed JWT header, right ?
>
> I was believing that this one is not mandatory.
>
> Looking at microprofile-jwt-auth-spec-2.0.pdf, typ is recommended but
> not required.
>
> Anyway I will try and let you know.
>
> Best Regards.
>
> *From:*Tichov Zoltán <[email protected]>
> *Sent:* jeudi 4 avril 2024 11:34
> *To:* [email protected]
> *Subject:* Re: JWT issue TomEE 9.1.2 micro-profile flavor
>
> Hi Francois!
>
> Try to generate the token with "alg" : "RSA256" and "type" : "JWT".
>
> Best regards:
>
> Zoltán
>
> 2024. 04. 04. 11:18 keltezéssel, COURTAULT Francois írta:
>
> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello Victor,
>
> I use this library:
>
> <dependencies>
>
> <dependency>
>
> <groupId>org.bitbucket.b_c</groupId>
>
> <artifactId>jose4j</artifactId>
>
> <version>0.9.6</version>
>
> </dependency>
>
> </dependencies>
>
> to create the JWT.
>
> Best Regards.
>
> -----Original Message-----
>
> From: Tichov Zoltán<[email protected]>
> <mailto:[email protected]>
>
> Sent: jeudi 4 avril 2024 11:06
>
> To:[email protected]
>
> Subject: Re: JWT issue TomEE 9.1.2 micro-profile flavor
>
> Hi Francois!
>
> How did you generate the token?
>
> Best regards
>
> 2024. 04. 04. 10:38 keltezéssel, COURTAULT Francois írta:
>
> THALES GROUP LIMITED DISTRIBUTION to email recipients
>
> Hello everyone,
>
> I built a war with a class which extends Application and
> annotated
>
> with @LoginConfig(authMethod = "MP-JWT") I have created a
> signed JWT
>
> which is OK when I validated it (public key provided) using
> jwt.io web
>
> site
>
> I want to test this signed JWT with my war.
>
> In this one, under META-INF, I have created a
>
> microprofile-config.properties with the following entries
>
> mp.jwt.verify.publickey=MIIBojANBgkqhkiG9w0BAQEFAAO... (the
> same
>
> public key that I have used to validate the signed JWT using
> jwt.io
>
> web site) mp.jwt.verify.issuer=https://server.example.com
>
> Then I run a curl with -H "Authorization: Bearer
>
> eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey ..." (the same
> signed JWT I used on jwt.io web site) I got this:
>
> * at client side: ...HTTP Status 401 - Unauthorized ...
> Invalid or not parsable JWT
>
> * at server side:
>
> 04-Apr-2024 10:14:31.255 WARNING [http-nio-8080-exec-5]
> org.apache.tomee.microprofile.jwt.MPJWTFilter$ValidateJSonWebToken.parse JWT
> processing failed. Additional details: [[17] Unable to process JOSE object
> (cause: org.jose4j.lang.InvalidKeyException: The given key (key is null) is
> not valid for SHA384withRSA):
> JsonWebSignature{"kid":"abc-1234567890","alg":"RS384"}->
> eyJraWQiOiJhYmMtMTIzNDU2Nzg5MCIsImFsZyI6IlJTMzg0In0.ey...
>
> What's wrong ?
>
> Best Regards.
>
>