I have an Azure AD JWT token that is obtained using Msal library but when I try to validate this token something is wrong:
Client: A Sharepoint Web Part
const config = {
auth: {
clientId: "xxxxx",
authority: "https://login.microsoftonline.com/yyyyyy"
}
};
const myMSALObj = new UserAgentApplication(config);
let accessTokenRequest = {
scopes: ["user.read"],
loginHint: this.context.pageContext.user.loginName,
extraQueryParameters: {domain_hint: 'organizations'}
}
myMSALObj.acquireTokenSilent(accessTokenRequest).then(
function(accessTokenResponse) {
// Acquire token silent success
let accessToken = accessTokenResponse.accessToken;
I'm trying to retrieve the publick key from: https://login.microsoftonline.com/tenant-id/.well-known/openid-configuration but with this public key I can never redirect to: https://login.microsoftonline.com/common/discovery/keys
Is there any other way to obtain the public key in this case?
Server: Validation
public PublicKey getPublicKeyFromParams(String e, String n){
byte[] modulusBytes = Base64.getUrlDecoder().decode(n);
BigInteger modulusInt = new BigInteger(1, modulusBytes);
byte[] exponentBytes = Base64.getUrlDecoder().decode(e);
BigInteger exponentInt = new BigInteger(1, exponentBytes);
KeyFactory keyFactory;
RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(modulusInt, exponentInt);
try {
keyFactory = KeyFactory.getInstance("RSA");
return keyFactory.generatePublic(publicSpec);
} catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
ex.printStackTrace();
}
return null;
}
@Test
public void name() throws Exception {
String jwt = "xxxxxxx";
KeyPair keyPair = Keys.keyPairFor(SignatureAlgorithm.RS256);
String e = Base64.getUrlEncoder().encodeToString((((RSAPublicKeyImpl) keyPair.getPublic()).getPublicExponent()).toByteArray());
String n = Base64.getUrlEncoder().encodeToString((((RSAPublicKeyImpl) keyPair.getPublic()).getModulus()).toByteArray());
System.out.println("Public Key: " + Base64.getUrlEncoder().encodeToString(keyPair.getPublic().getEncoded()));
System.out.println("Public Key Exponent: " + e);
System.out.println("Public Key Modulus: " + n);
String jws = Jwts.builder().setSubject("pepe").signWith(keyPair.getPrivate()).compact();
System.out.println("Generated JWS:" + jws);
PublicKey publicKey = getPublicKeyFromParams(e, n);
Jwt parsedJWs = Jwts.parserBuilder().setSigningKey(publicKey).build().parse(jws);
System.out.println("Parsed JWS: " + parsedJWs);
publicKey = getPublicKeyFromParams(eValue, nValue);
System.out.println("Azure PublicKey fron n-e: " + publicKey);
CertificateFactory factory = CertificateFactory.getInstance("X.509");
Certificate cert = factory.generateCertificate(new ByteArrayInputStream(
DatatypeConverter.parseBase64Binary("cccccccccccccccccc")));
publicKey = cert.getPublicKey();
System.out.println("Azure PublicKey from x5c: " + publicKey);
Jwt jwtParsed = Jwts.parserBuilder().setSigningKey(publicKey).build().parse(jwt);
System.out.println(jwtParsed);
}
public static PublicKey getPublicKey(String key){
try{
byte[] byteKey = Base64.getDecoder().decode(key);
X509EncodedKeySpec X509publicKey = new X509EncodedKeySpec(byteKey);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePublic(X509publicKey);
}
catch(Exception e){
e.printStackTrace();
}
return null;
}
Regards