l8w8jwt: [BUG]Can't parse Firebase public RS256 keys
Describe the bug I’m trying to validate a JWT token generated by Firebase. It seems l8w8jwt can’t parse the public keys provided to validate the signature.
params.alg = L8W8JWT_ALG_RS256;
The public keys are provided here: https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com
To Reproduce Steps to reproduce the behavior:
- Go to ‘…’
- Click on ‘…’
- Scroll down to ‘…’
- See error
Expected behavior Public keys parses correctly
Screenshots N/A
Desktop (please complete the following information):
- OS: MaOS 10.15.4
Additional context
Certificate provided below
-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIA/oH1w0GNmMwDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE\nAxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMjAw\nNDI3MDkxOTU2WhcNMjAwNTEzMjEzNDU2WjAxMS8wLQYDVQQDEyZzZWN1cmV0b2tl\nbi5zeXN0ZW0uZ3NlcnZpY2VhY2NvdW50LmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAJ0JeaPobguFV56+uzblHTomAFVcixD2fyERU4x618fxuTRq\nEBCZErH3SeUIR0KH8KIbjBYcF8DVZLF0xWSAIhVCbcp1t+53ICri4uWrh6VI0vvl\nsj0u5zB1r26UYfbAv3vyV8ImbfjFra2JUnWs+zzf102X2cD0CiFnG5qXWQnEoGdg\nY0GbAH+AMjH4Pt9W+aohZ+LpZXjakjPaqF1x61pTy0ApHOrHnprzDxd13jIansoj\nHO4fphkxBJiiXBaCuWrexrLdPJZiYtyuimuMtVBTPnIfFJye8uMB8zV0F6STeSYg\nYDmWcAbyRViyivcoyxQZh/A1WdEV9VmhpltqaZ0CAwEAAaM4MDYwDAYDVR0TAQH/\nBAIwADAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDQYJ\nKoZIhvcNAQEFBQADggEBABnHr4qQhoXG9T93ChoyhKvY8dFEe0FPUcUT6zaJxR4F\nuXahQtUEIzXdLZ9ADStMMePNJRj8kAEvwPIyioKppV/AF6Y/Ea8XHm7KNvY+c8FA\nI7lBbfg9azJcrtZGQsSbTuowTQZX1R1jBq1FWZ/bxwn6vnIU75LaYBk5lB2HbwCL\ny4RmHAX73BLPtVnmR3WdI6eUbSt4IPI4FzpLGonwI50vi2bnCTI22OkVtucr8nAh\noXEG+FPAiStqwMaHr8v2I68dAgNk97aQWVULrxZm/LjFh4A+FLK6FpGgITLpbp+I\nzlhFewXrAFp8Up6U3Sch6SCXrtEjDfkyhHbb/j+RtYI=\n-----END CERTIFICATE-----\n
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 17 (8 by maintainers)
Commits related to this issue
- Implemented support for verifying token signatures with X.509 certificates (special thanks to @xy4455 for pointing this out inside issue #3 ). — committed to GlitchedPolygons/l8w8jwt by GlitchedPolygons 4 years ago
So I’ve been doing some digging on my own, and I had all sorts of trouble parsing the public key using OpenSSL too. Until it dawned on me, those are not public keys, it is a certificate which contains a public key. So at least I can get to the key now using OpenSSL, still need to do the signature verification.
But anyway, I thought you would like to know. It seems mbedtls would support parsing a x509 certificate, but I haven’t really looked at it yet.