How to validate a JWT token using JWK keys?

F

FulgerX20072020-09-09 10:59:59

Nginx

FulgerX2007, 2020-09-09 10:59:59

Hi all.

I want to validate a JWT token at the Nginx Plus server level using JWK keys.

JWK key example:

{
  "keys": [
    {
      "kty": "RSA",
      "n": "xxEYtAKiN0pt_XPijJKq8lel-YLcrw0FSf89_UtczfT1pAuF2bjbaL1Jdh5WvNuznJ7g_WKNRMXv6p65pJhWnebFGi2Bg5oac5dCMx3ojNi2sHuEhp4r6jA78kD0KQZhR7ypRLhYrFmre2gc1xoFt7774wFLgsTLsa1lR-nNP2yEpvATIU0e82JmVfdrzdYL3qT9dEHc6NhOVL7vDTK0kJNseabl1ccs61zBUKvVfXpp3W2PgftDJ29SRK_dTFkoKxS3Bbc5d3rwrfDl34TIcH1CVcs7Jk28MFVowdzQeqvZx7cNiQUEqTxn9iXbdsNS-R3irpwr4ET8ABD4atXZJa7c3BmpCemNtvfedK6zNlA0WgmOPNsdrLLCDqoiteQ7CnrogVHm2ReBmR-W-DG0rojX6uxDrduRRZ49InPcgTazDBqtLW2cK0nyYaZaMnFx4TBpSmqReR7hJaSiPrGiSeCz_7hOLdipEJiZE3C0LTj2jUtKc3pRDaJiN4_XjnopPV0gRY70vaiKGcsml1k3smGGfdc7e5gjrKNy-oLydeGuQk-iybA1fpK7nHn-WA8fwOdiozi_QXVEJlmR8Aen8naYNzzjQMn9V_WxUEg0q-JzIaf-nnxFGATBIcNXbBKD0A8rPEVQ8zXnhYEEP1DakC61apGKtMEGn3R5QJP2dJE",
      "e": "AQAB",
      "use": "sig"
    }
  ]
}

There is also Nginx config:

server {
    listen       80 default_server;
    server_name  localhost;

    # вариант когда JWK ключ находится на том же сервере с Nginx
    location /api/v1/data {
        auth_jwt "localhost";
        auth_jwt_key_file conf.d/key.jwk;
        proxy_pass http://example.com;
    }

    #  вариант когда Nginx запрашивает JWK ключи с другово сервера 
    location /api/v2/data {
        auth_jwt "closed site";
        auth_jwt_key_request /_jwks_uri; # Keys will be fetched by subrequest

        proxy_pass http://example.com;
    }

    location = /_jwks_uri {
        internal;
        proxy_method GET;
        proxy_set_header  Accept "application/json";
        proxy_pass   http://{auth_server_address}/oauth2/.well_known/keys; # Obtain keys from here
    }
}

When the JWK key file is located on the same server with Nginx, then everything works fine.
But when Nginx needs to take keys from another server, it gives this error
invalid JWK set while sending to client

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

V

Vladimir, 2015-09-06
@savaekb

You do not fully consider the issue, considering if some sites suit you, you need this CMS.
For you, first of all, CMS is important in terms of administration, I guess.
Have you seen the admin panels of these sites? :)
Therefore, it is better to look at the full demos of common stores.
Free here - www.opensourcecms.com/scripts/show.php?catid=3&cat... , paid on the site of each (Bitrix, netkat, yumi).

S

Savely Pototsky, 2015-09-07
@savaekb

Thank you all for your replies
I settled on Moguta

A

Artur Atnagulov, 2015-09-06
@atnartur

https://2ip.ru/cms/
If this service does not determine, then most likely something of its own, some kind of CMS works there

H

hime2, 2015-09-06
@hime2

self-written

D

Dmitry Evgrafovich, 2015-09-06
@Tantacula

"the functionality is the same" - bad associations with this phrase. Usually customers who are too lazy to think so say and as a rule it shines with a small check and big hemorrhoids. Do you know what functionality these sites have? maybe they wrote home-made systems in those distant times when there was no mention of cms like opencart, magento and prestashop, maybe their functionality includes integration with a special 1c configuration or adaptation of the engine for a large number of visitors, and they themselves work only under the ancient version php (or something else - I have never met cmd as an extension of a site page). It may turn out that you really don’t need the most difficult-to-implement and exotic things in their sites.
Well, if we talk about a spherical online store, then look towards the opencart, prestashop, magento engines mentioned above, read about their advantages and disadvantages. In theory, with proper customization, they cover most of the client's requirements. Just first create a list of requirements and then go through what provides the functionality of these engines, and what is screwed by individual modules.