
PRIVATE_KEY_JWT Example


Example keys

Note: do not use these keys in production; they are for testing only. Use https://mkjwk.org/ to generate test keys.

The private key is used by your client app (the RP), not by the OP.

// Example
-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCDEWTSuw2nDipgq5sjT
Rb7Ha/cqTLewRyySdtqmugPq7Q==
-----END PRIVATE KEY-----
// Example
// JWKS including the private key `d` (stays on the client side only)
{
    "keys": [
        {
            "kty": "EC",
            "d": "xFk0rsNpw4qYKubI00W-x2v3Kky3sEcsknbaproD6u0",
            "use": "sig",
            "crv": "P-256",
            "kid": "qwertyuiop",
            "x": "wwkzc-dRkv5YXPCKBNva1xsXrlQUSGcUdc_s_X566ZY",
            "y": "Ovh9sgT5f3Sll6fvTSKxp-9rbt-nsIWcaEQRfd8E7z4",
            "alg": "ES256"
        }
    ]
}
// JWKS with the public key only (no `d`)
// Register this with your client on the OP server
// In Gluu OP Case, Clients > your_client > Encryption/Signing settings > JWKS
{
    "keys": [
        {
            "kty": "EC",
            "use": "sig",
            "crv": "P-256",
            "kid": "qwertyuiop",
            "x": "wwkzc-dRkv5YXPCKBNva1xsXrlQUSGcUdc_s_X566ZY",
            "y": "Ovh9sgT5f3Sll6fvTSKxp-9rbt-nsIWcaEQRfd8E7z4",
            "alg": "ES256"
        }
    ]
}

Node JS RP Client

const jwt = require('jsonwebtoken')
const got = require('got')
const { v4: uuidv4 } = require('uuid')

// OP token endpoint; it is also the `aud` of the client assertion built below
const tokenEndpoint = "https://xxx.xxx.org/oxauth/restv1/token"
// Client id registered at the OP; it is the `iss`/`sub` of the client assertion
const clientId = "bf935xxxxxxxxxxxxfe58fa3e444"

// https://mkjwk.org/
// Placeholder for the RP's PEM-encoded private key (the `d` half of the JWKS above).
// It is hard-coded here only because this is a test script; anything beyond that
// should load it from a file or secret store rather than commit it with the source.
const privateKey = `-----BEGIN PRIVATE KEY-----
MEECAQAwEwYHxxxxxxxxxmugPq7Q==
-----END PRIVATE KEY-----`

// Options passed to jwt.sign for every RP-issued JWT
const defaultRpOptions = {
  algorithm: 'ES256',
  header: {
    typ: 'JWT',
    alg: 'ES256',
    // Placeholder; should match the `kid` of the key in the JWKS registered with the OP
    kid: 'xxxxxxxxxx'
  }
}

// Sign `payload` with the RP private key using the shared signing options
const getRpJWT = (payload) => {
  return jwt.sign(payload, privateKey, defaultRpOptions)
}

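/**
 * Build the signed client_assertion JWT used for private_key_jwt client authentication.
 *
 * @param {string} clientId - client id registered at the OP; used as both `iss` and `sub`
 * @param {string} tokenEndpoint - OP token endpoint URL; used as `aud`
 * @param {number} [lifetimeSeconds=180] - seconds from `iat` until `exp`
 * @returns {string} compact JWS produced by getRpJWT with the RP private key
 */
function makeClientAssertionJWTToken (clientId, tokenEndpoint, lifetimeSeconds = 60 * 3) {
  // JWT time claims are integer seconds since the epoch; compute once so iat and exp agree
  const issuedAt = Math.floor(Date.now() / 1000)
  return getRpJWT({
    iss: clientId,
    sub: clientId,
    aud: tokenEndpoint,
    jti: uuidv4(), // unique per assertion; an OP may use it to reject replays
    exp: issuedAt + lifetimeSeconds,
    iat: issuedAt
  })
}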

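// One assertion per request; its lifetime is set in makeClientAssertionJWTToken
const token = makeClientAssertionJWTToken(clientId, tokenEndpoint)

// Resource Owner Password Credentials grant, authenticating the client with private_key_jwt
const options = {
  responseType: 'json',
  form: {
    grant_type: 'password',
    client_assertion_type:
        'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: token,
    client_id: clientId,
    username: 'xxxx',
    password: 'xxx@xxx',
    scope: 'openid profile'
  }
}

got.post(tokenEndpoint, options)
  .then(response => {
    // Token response printed as-is; this is a test script
    console.log(response.body)
  })
  .catch(error => {
    // Log the message, status and the OP's error body rather than the whole error
    // object: a got error may carry the request options, i.e. the password and
    // client_assertion from `form` above, which should not end up in logs.
    const status = error.response ? error.response.statusCode : undefined
    const body = error.response ? error.response.body : undefined
    console.error('E R R O R :', error.message, status, body)
  })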