Hi,
I am in an ODC instance, where I am trying to leverage the built-in "Security" library to create and validate JWTs for my external API.
My main question is: How do I convert the output of "RSA_NewKey" action to the input parameter "JWKForSigning" used in the action "JWT_CreateToken"?
Steps I already did:
1. Create new RSAKey using "RSA_NewKey"
2. Save key encrypted in the database
3. Write an action flow to get the key, decrypt it and convert it, to be used in the action "JWT_CreateToken"
In step 3, something goes wrong -> The "JWT_CreateToken" returns "Something went wrong on our side" when calling the action. I have tried with OS Support, but they cannot help me further. I have found that the problem lies in my "JWKForSigning", since not providing this input parameter results in getting a token from the action.
Now delving further into the steps that make our previous step 3:
1. Get the private RSAKey out of the database.
2. Decrypt the private RSAKey
3. Convert RSAKeyToJWK
Step 3 "Convert RSAKeyToJWK" is done as follows
Input: Private RSAKey as string
Output: JWK (as structure) and JWKPlainText. Structure attributes: (kty, n, e, d, p, q, dp, dq, qi), name: JWK
1. Convert the private RSAKey from XML to JSON with "XMLToJson".
2. Replace double quotations to single quotations.
3. Deserialize this JSON to RSAKeyValue JSON With attributes (D, DP, DQ, Exponent, InverseQ, Modulus, P, Q)
4. Add JWK.kty = "RSA"
5. Decode all RSAKeyValue attributes from Base64ToBase64URL and map to JWK (output structure)
5.1. Replace(Base64String, "+", "-")
5.2. Replace(Base64UrlString, "/", "_")
5.3. Regex_Replace(Base64UrlString, "=", "")
6. Serialize JWKToPlain text
7. Replace double quotations to single quotations.
The output of this action is thus a JWK in structure format and the same in PlainText. I am using the PlainText variant for my "JWKForSigning".
Since this doesn't work, there is clearly something wrong with my process, however, I cannot find it. Is there someone that could help me?
Please let me know if you have any questions regarding this process.
Kind regards,
Alex
Hi @Alex Ruinen,
The issue is that your JWK is missing two required fields: "use" and "alg". These tell JWT_CreateToken what the key is for and which algorithm to use for signing.
"use": "sig",
"alg": "RS256"
Adding these fields to your current JWK structure (before converting it to plaintext) should resolve the error you’re encountering during token generation.
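The conversion described in the question, with the "use" and "alg" members from the answer added, sketched in Python as an added example (not code from either poster or from the OutSystems Security library). The function names are hypothetical and the sample XML holds constructed placeholder bytes, not a real key.

```python
import base64
import json
import xml.etree.ElementTree as ET

# .NET RSAKeyValue element -> JWK member (RFC 7518, section 6.3)
FIELD_MAP = {
    "Modulus": "n", "Exponent": "e", "D": "d", "P": "p", "Q": "q",
    "DP": "dp", "DQ": "dq", "InverseQ": "qi",
}


def b64_to_b64url(value: str) -> str:
    """Re-encode standard Base64 as unpadded base64url, rejecting bad input."""
    raw = base64.b64decode(value.strip(), validate=True)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def rsa_xml_to_jwk(xml_text: str, alg: str = "RS256") -> dict:
    """Build a signing JWK from an <RSAKeyValue> XML string."""
    root = ET.fromstring(xml_text)
    if root.tag != "RSAKeyValue":
        raise ValueError("expected an <RSAKeyValue> root element")
    jwk = {"kty": "RSA", "use": "sig", "alg": alg}
    for xml_name, jwk_name in FIELD_MAP.items():
        node = root.find(xml_name)
        if node is None or not (node.text or "").strip():
            raise ValueError(f"missing private key field: {xml_name}")
        jwk[jwk_name] = b64_to_b64url(node.text)
    return jwk


def sample_xml() -> str:
    """Constructed placeholder bytes, NOT a real key; chosen to hit '+', '/', '='."""
    def b64(data: bytes) -> str:
        return base64.b64encode(data).decode("ascii")
    fields = {name: b64(b"\xfb\xff") for name in FIELD_MAP}
    fields["Modulus"] = b64(b"\xfb\xff\xbe")   # "+/++"
    fields["Exponent"] = b64(b"\x01\x00\x01")  # "AQAB" (65537)
    body = "".join(f"<{k}>{v}</{k}>" for k, v in fields.items())
    return f"<RSAKeyValue>{body}</RSAKeyValue>"


if __name__ == "__main__":
    # json.dumps emits standard JSON with double-quoted member names and values.
    print(json.dumps(rsa_xml_to_jwk(sample_xml()), indent=2))
```

The resulting JWK carries the private key parameters (d, p, q, dp, dq, qi), so it needs the same protection as the encrypted RSA key stored in the database.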