trying to implement using jose library. current obstacle is: I don't know how to involve client secret in key generation
Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
This commit is contained in:
@@ -16,6 +16,7 @@ dependencies {
|
|||||||
implementation project(':de.srsoftware.oidc.api')
|
implementation project(':de.srsoftware.oidc.api')
|
||||||
implementation project(':de.srsoftware.logging')
|
implementation project(':de.srsoftware.logging')
|
||||||
implementation 'org.json:json:20240303'
|
implementation 'org.json:json:20240303'
|
||||||
|
implementation 'org.bitbucket.b_c:jose4j:0.9.6'
|
||||||
}
|
}
|
||||||
|
|
||||||
test {
|
test {
|
||||||
|
|||||||
@@ -13,6 +13,12 @@ import de.srsoftware.oidc.api.PathHandler;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
import org.jose4j.jwk.RsaJsonWebKey;
|
||||||
|
import org.jose4j.jwk.RsaJwkGenerator;
|
||||||
|
import org.jose4j.jws.AlgorithmIdentifiers;
|
||||||
|
import org.jose4j.jws.JsonWebSignature;
|
||||||
|
import org.jose4j.jwt.JwtClaims;
|
||||||
|
import org.jose4j.lang.JoseException;
|
||||||
import org.json.JSONObject;
|
import org.json.JSONObject;
|
||||||
|
|
||||||
public class TokenController extends PathHandler {
|
public class TokenController extends PathHandler {
|
||||||
@@ -68,6 +74,31 @@ public class TokenController extends PathHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private String createJWT(Client client) {
|
private String createJWT(Client client) {
|
||||||
return null;
|
try {
|
||||||
|
RsaJsonWebKey rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
|
||||||
|
rsaJsonWebKey.setKeyId("k1");
|
||||||
|
JwtClaims claims = new JwtClaims();
|
||||||
|
claims.setIssuer("Issuer"); // who creates the token and signs it
|
||||||
|
claims.setAudience("Audience"); // to whom the token is intended to be sent
|
||||||
|
claims.setExpirationTimeMinutesInTheFuture(10); // time when the token will expire (10 minutes from now)
|
||||||
|
claims.setGeneratedJwtId(); // a unique identifier for the token
|
||||||
|
claims.setIssuedAtToNow(); // when the token was issued/created (now)
|
||||||
|
claims.setNotBeforeMinutesInThePast(2); // time before which the token is not yet valid (2 minutes ago)
|
||||||
|
claims.setSubject("subject"); // the subject/principal is whom the token is about
|
||||||
|
claims.setClaim("email", "mail@example.com"); // additional claims/attributes about the subject can be added
|
||||||
|
List<String> groups = Arrays.asList("group-one", "other-group", "group-three");
|
||||||
|
claims.setStringListClaim("groups", groups); // multi-valued claims work too and will end up as a JSON array
|
||||||
|
|
||||||
|
// A JWT is a JWS and/or a JWE with JSON claims as the payload.
|
||||||
|
// In this example it is a JWS so we create a JsonWebSignature object.
|
||||||
|
JsonWebSignature jws = new JsonWebSignature();
|
||||||
|
jws.setPayload(claims.toJson());
|
||||||
|
jws.setKey(rsaJsonWebKey.getPrivateKey());
|
||||||
|
jws.setKeyIdHeaderValue(rsaJsonWebKey.getKeyId());
|
||||||
|
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
|
||||||
|
return jws.getCompactSerialization();
|
||||||
|
} catch (JoseException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user