[JWT] Problem Validating Token with RS256 Public Key

Forge Component
Published on 20 Jul by João Almeida
10 votes

Hi,

First of all, thanks for creating this component, it really helps implementing OpenID Connect flows.

Now the problem. With the identity provider I am using, it is only possible to retrieve the RS256 public key using the exposed endpoints. When I try to validate a token with the public key, there is always the error: 'Error opening public key key.' You can see an example of the key below:

-----BEGIN RSA PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgNtTx1tyQpvHr2WrVXxwV8v7F2X3cza9CAk1wO6nmiMVjofAyYYri9rYsGwjrK/BytcV4Rx63VKbb/QrhPpaRR0n5Z73L9LWb/sgp2IFFUBO8FtoQukmHHM6Y00ZhvKqZrIRLlvSg2ih5ihhgt3Uc+vABymWvuGmlzM3vLv0c/CYWF+CVFz24D04kvezC+D4MOrLxV7J9bep8EAhnfqe/1nMIVbZB/zEIeP5rbuURrWqo9PWzJ/7mQDswNZm5jSFn8+22I3tDEnQf/o9q5ENena0bEMywqpT7gFZcRbO9DZICU4LItzJeRl9wtr2puL+OVMDIDgXUHsdQYjyA9bD4wIDAQAB
-----END RSA PUBLIC KEY-----

I am able to validate the token in jwt.io using a key like the one above; however, in the OutSystems extension I always get an error.

I noticed that it is possible to validate the token with the RS256 certificate, both in jwt.io and in the OutSystems extension. However, I can only obtain this certificate by copying it from the admin console of the identity provider, as it is not exposed in any endpoint. This is not a good solution as it would need to be configured statically somewhere and not retrieved dynamically. Example certificate below:



Is there any way to get around this error so that the public key can be used instead of the certificate or is it necessary to update the OutSystems extension C# code for this to work?

Best Regards,

João Mateus
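
Added example, not part of the original post or of the component's code: the Base64 body of the key quoted above begins with `MIIBIjANBgkqhkiG9w0BAQEF`, the DER prefix of an X.509 SubjectPublicKeyInfo structure (PEM label `PUBLIC KEY`), while its `RSA PUBLIC KEY` label denotes a bare PKCS#1 RSAPublicKey. The sketch below detects that kind of label/body mismatch and re-emits the key under the label that fits its body. The function names and the toy key are constructed for illustration, and whether the extension fails for this reason is an assumption.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID as a DER TLV
LABEL_FOR = {"PKCS1": "RSA PUBLIC KEY", "SPKI": "PUBLIC KEY"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def der_kind(der):
    """Classify DER bytes as 'SPKI', 'PKCS1' or 'UNKNOWN'."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        return "UNKNOWN"
    inner_tag, inner_start, inner_end = read_tlv(der, start)
    if inner_tag == 0x02:  # bare RSAPublicKey starts with the modulus INTEGER
        return "PKCS1"
    if inner_tag == 0x30 and der[inner_start:inner_end].startswith(RSA_OID):
        return "SPKI"      # AlgorithmIdentifier naming rsaEncryption
    return "UNKNOWN"

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def check_pem(pem):
    """Return (label, kind, pem_out); pem_out carries the label that fits the body."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    der = base64.b64decode("".join(m.group(2).split()))
    kind = der_kind(der)
    return m.group(1), kind, to_pem(LABEL_FOR.get(kind, m.group(1)), der)

# Constructed toy structures (n=199, e=65537): right shape, not a usable key.
TOY_PKCS1 = bytes.fromhex("3009 0202 00c7 0203 010001")
TOY_SPKI = bytes.fromhex("301d 300d 06092a864886f70d010101 0500 030c 00") + TOY_PKCS1
MISLABELLED = to_pem("RSA PUBLIC KEY", TOY_SPKI)  # same mismatch as the key in the post
```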


Hi João, let me test your scenario and I'll get back to you.

Hello!!
 I have the same problem, could you tell me if you found any solution?


Thank you!


-- Ingrid Rojas
