openam-examples JWT-bearer-client (JWK set)

This topic contains 3 replies, has 2 voices, and was last updated by  pratik.sayare 1 week, 6 days ago.

  • Author
    Posts
  • #26931
     vanamali 
    Participant

    I was testing the JWT bearer client openam examples for 6.5.2. Configured OAuth2.0 client for and included the public cert. I was getting an error message (Response code: 400 {“error_description”:”Unknown JWT issuer”,”error”:”invalid_grant”}. Since 6.5.2 has new agent for ‘Trusted JWT Issuer Agents’, I configured the trusted issuer. One of the requirement for this configuration is to include the JWK set for the JWT agent. I extracted the public key from the very and converted to JWK and updated the JWK set config. System didn’t like this key and I am getting “Response code: 400 {“error_description”:”JWT signature is invalid”,”error”:”invalid_grant”}.

    Any ideas how to get a proper JWK for the JWT bearer client from the open-am examples?

    Thanks,
    -Mali

    #26932
     vanamali 
    Participant

    Here’s the JWK key extracted from the public cert from the JWT bearer cleient.

    {“kty”:”RSA”,”e”:”AQAB”,”kid”:”00c72668-7bcf-4404-808e-0f623e4ce686″,”n”:”gPhln8MgYQGvhALa7PQZgU4JSUA9qfFfbVpgdK8QuxbIxrsMmUP6aeNoXxw9FEySFhkVcMmj8BVyPJuXJPee2ov7YmzcPtOZLoFKOTFlawkfKEkhgShTDCWhzSSLOBKbXkzAExxueSxBU3lVaI57jLgkxuLfS3qTfyUzrYoq1pI8_qO-dbUtOYv26KotbPngAzqFTc2UIjcnpF-HzBoEg8ASOYdk2q46Xa4aBa6bO5tgMUluiYtJCo7nxG4pVpJUzANuYQ20xhZcgpAvbFO3lcBvARASAn_OyTCkDZpC3UcTp17dTKY6E42FGK7iuTcAgScRVvGu_LgiT7BeDstlWw”}

    #26934
     vanamali 
    Participant

    Here’s the JWK key extracted from the public cert from the JWT bearer cleient.

    {“kty”:”RSA”,”e”:”AQAB”,”kid”:”00c72668-7bcf-4404-808e-0f623e4ce686″,”n”:”gPhln8MgYQGvhALa7PQZgU4JSUA9qfFfbVpgdK8QuxbIxrsMmUP6aeNoXxw9FEySFhkVcMmj8BVyPJuXJPee2ov7YmzcPtOZLoFKOTFlawkfKEkhgShTDCWhzSSLOBKbXkzAExxueSxBU3lVaI57jLgkxuLfS3qTfyUzrYoq1pI8_qO-dbUtOYv26KotbPngAzqFTc2UIjcnpF-HzBoEg8ASOYdk2q46Xa4aBa6bO5tgMUluiYtJCo7nxG4pVpJUzANuYQ20xhZcgpAvbFO3lcBvARASAn_OyTCkDZpC3UcTp17dTKY6E42FGK7iuTcAgScRVvGu_LgiT7BeDstlWw”}

    #27057
     pratik.sayare 
    Participant

    Construct you JWK set using https://8gwifi.org/jwkconvertfunctions.jsp

    I was able to test this feature successfully.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?