Hi Team,
I generate JWKS using a third-party tool, which is working fine in my Layer 7 Gateway without any changes.
{ "keys": [ { "kty": "EC", "d": "7MJbpdnCfFODZApvMpjgtVrJsePt2_y-_D3wUkzlUvA", "use": "enc", "crv": "P-256", "kid": "demoid", "x": "qQy5GfBw9l3ArH-zH61gXtzTDmGZqjN6dAb-8IFpRE4", "y": "hm1rHBR4vwfJo8W2bH7Um_ui5UAfWj_1UbiMJPd7RlQ", "alg": "ES256" } ] }
But the code is working with the JWKS which is copied from the Apigee community site:
https://community.apigee.com/questions/86298/encrypting-jwt-using-jwks.html
{ "keys": [{ "kty": "RSA", "kid": "csrfJwtEncryptionKey", "use": "enc", "n": "vBZateaIP2zXRMC6_EthvUTjPISKizmfrQD543yH20rvgmoZomTfKD8YyCMVC9HdUXkBvDNeOtWGYOOy0VpFeDhuoKAu4jXkwZwZS3XDOA4BV5y9_BJo27d-ApVMZedvMnjmniR18NnNXFJQE5VWtx3aDO9RsmqMMd8D91E7V7Ty8xMd6rRnPWaW2vVRvRI1s-rInmepwq6mAWnNKZPDcrEvFRg9ThLVrYHd6bugz21jOATRrI9QuIb4WCNJ2XRlIOhfk1KfCFaKdACS71kxlQOvCOjEK4Kf6RojSk-hvqwqSkVHX4lfOxYTaOVlF6GJF7oqvMV3lIKSlMFfABC7FQ", "e": "AQAB" }] }
Hi, I'm not clear.
What is your specific question?
The JWKS is generated by your JWT token generator application. The secret normally looks like JSON format. You need to configure that in an Apigee encrypted KVM and use it for token validation in the policy.
Hang on. JWKS is generally not a secret. JWKS are generally, but not always, public keys, and JWKS are typically made available on public URLs. It is not necessary to configure the JWKS in a KVM.
This answer is not contributing clarity.
A JWKS is a JSON structure that represents a set of JSON Web Keys (JWKs). A JWK is a JSON data structure that represents a cryptographic key. JWK and JWKS are described in RFC7517. See JWKS examples at Appendix A. Example JSON Web Key Sets.
RFC7517 describes the JWKS key elements for each key type, such as "RSA" or "EC". For example, depending on the key type, these parameters can include:
Following are examples of optional elements and their values:
The following JWKS includes the required elements and values and would be valid on Edge (from https://www.googleapis.com/oauth2/v3/certs):
{ "keys":[ { "kty":"RSA", "alg":"RS256", "use":"sig", "kid":"ca04df587b5a7cead80abee9ea8dcf7586a78e01", "n":"iXn-WmrwLLBa-QDiToBozpu4Y4ThKdwORWFXQa9I75pKOvPUjUjE2Bk05TUSt7-V7KDjCq0_Nkd-X9rMRV5LKgCa0_F8YgI30QS3bUm9orFryrdOc65PUIVFVxIwMZuGDY1hj6HEJVWIr0CZdcgNIll06BasclckkUK4O-Eh7MaQrqb646ghFlG3zlgk9b2duHbDOq3s39ICPinRQWC6NqTYfqg7E8GN_NLY9srUCc_MswuUfMJ2cKT6edrhLuIwIj_74YGkpOwilr2VswKsvJ7dcoiJxheKYvKDKtZFkbKrWETTJSGX2Xeh0DFB0lqbKLVvqkM2lFU2Qx1OgtTnrw", "e":"AQAB" }, { "kty":"EC", "alg":"ES256", "use":"enc", "kid":"k05TUSt7-V7KDjCq0_N", "crv":"P-256", "x":"Xej56MungXuFZwmk_xccvsMpCtXmqhvEEMCmHyAmKF0", "y":"Bozpu4Y4ThKdwORWFXQa9I75pKOvPUjUjE2Bk05TUSt" } ] }
ref: https://docs.apigee.com/api-platform/reference/policies/jwt-policies-overview#about-jwks
Do you see any problem with my JWKS? If so, what is your recommendation?
You showed two distinct JWKS, each with a single key.
The first has a key type (kty) of "EC", which means it is suitable for use with elliptic curve encryption algorithms.
The second has a kty of "RSA", which means it is suitable for use with RSA-based encryption algorithms.
There's nothing I can see that is "wrong" with either of the JWKS you showed.
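
As an added example (not part of the original thread and not Apigee's code): a small Python check that reports, for each key in a JWKS, whether the members RFC 7518 requires for its `kty` are present and whether private-key members such as `"d"` are included, which is worth knowing before a JWKS is served from a public URL. The function name `inspect_jwks` and the sample keys are assumptions constructed for illustration.

```python
import json

# Members required per key type (RFC 7518 section 6), and members that
# appear only in private keys of that type.
REQUIRED = {"EC": ("crv", "x", "y"), "RSA": ("n", "e")}
PRIVATE = {"EC": ("d",), "RSA": ("d", "p", "q", "dp", "dq", "qi")}


def inspect_jwks(text):
    """Return one finding dict per key in the JWKS document `text`."""
    doc = json.loads(text)  # malformed JSON raises ValueError (JSONDecodeError)
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list):
        raise ValueError('a JWKS must be an object with a "keys" array')
    findings = []
    for jwk in keys:
        if not isinstance(jwk, dict):
            raise ValueError("each JWK must be a JSON object")
        kty = jwk.get("kty")
        findings.append({
            "kid": jwk.get("kid"),
            "kty": kty,
            "supported_kty": kty in REQUIRED,
            "missing": [m for m in REQUIRED.get(kty, ()) if m not in jwk],
            "private_members": [m for m in PRIVATE.get(kty, ()) if m in jwk],
        })
    return findings


# Constructed sample with the same shape as the JWKS shown in the thread;
# the values are short placeholders, not real key material.
SAMPLE = """
{"keys": [
  {"kty": "EC", "kid": "ec-with-private", "use": "enc", "crv": "P-256",
   "x": "eHh4", "y": "eXl5", "d": "ZGRk"},
  {"kty": "RSA", "kid": "rsa-public", "use": "enc", "n": "bm5u", "e": "AQAB"},
  {"kty": "EC", "kid": "ec-incomplete", "crv": "P-256", "x": "eHh4"}
]}
"""

if __name__ == "__main__":
    for finding in inspect_jwks(SAMPLE):
        print(finding)
```

A key with a non-empty `private_members` list belongs in protected storage rather than on a public JWKS endpoint; a non-empty `missing` list means the key cannot be used for its declared type.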