StephanRichter/LightOidc
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

trying to implement using jose library. current obstacle is: I don't know how to involve client secret in key generation

Browse Source 
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
Stephan Richter
2024-07-29 00:36:19 +02:00
parent ddb30ba295
commit 252252a9d1
2 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
de.srsoftware.oidc.backend/build.gradle
View File

@@ -16,6 +16,7 @@ dependencies {
implementation project(':de.srsoftware.oidc.api')
implementation project(':de.srsoftware.logging')
implementation 'org.json:json:20240303'
implementation 'org.bitbucket.b_c:jose4j:0.9.6'
}
test {

33
de.srsoftware.oidc.backend/src/main/java/de/srsoftware/oidc/backend/TokenController.java
View File

@@ -13,6 +13,12 @@ import de.srsoftware.oidc.api.PathHandler;
import java.io.IOException;
import java.util.*;
import java.util.stream.Collectors;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.lang.JoseException;
import org.json.JSONObject;
public class TokenController extends PathHandler {
@@ -68,6 +74,31 @@ public class TokenController extends PathHandler {
}
private String createJWT(Client client) {
return null;
try {
RsaJsonWebKey rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
rsaJsonWebKey.setKeyId("k1");
JwtClaims claims = new JwtClaims();
claims.setIssuer("Issuer"); // who creates the token and signs it
claims.setAudience("Audience"); // to whom the token is intended to be sent
claims.setExpirationTimeMinutesInTheFuture(10); // time when the token will expire (10 minutes from now)
claims.setGeneratedJwtId(); // a unique identifier for the token
claims.setIssuedAtToNow(); // when the token was issued/created (now)
claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
claims.setSubject("subject"); // the subject/principal is whom the token is about
claims.setClaim("email", "mail@example.com"); // additional claims/attributes about the subject can be added
List<String> groups = Arrays.asList("group-one", "other-group", "group-three");
claims.setStringListClaim("groups", groups); // multi-valued claims work too and will end up as a JSON array
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
// In this example it is a JWS so we create a JsonWebSignature object.
JsonWebSignature jws = new JsonWebSignature();
jws.setPayload(claims.toJson());
jws.setKey(rsaJsonWebKey.getPrivateKey());
jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
return jws.getCompactSerialization();
} catch (JoseException e) {
throw new RuntimeException(e);
}
}
}