Add JWKS to PEM feature
The `jwks_uri` attribute in the OpenID Provider Metadata points to the public parts of the signing key pair.
- Example for OIDC Issuer https://auth.schuerg.net/auth/realms/playground
- OpenID Provider Metadata: https://auth.schuerg.net/auth/realms/playground/.well-known/openid-configuration
- JWKS URI: https://auth.schuerg.net/auth/realms/playground/protocol/openid-connect/certs
```json
{
  "keys": [
    {
      "kid": "u5KGGAy78X50Q3Tf_vLNMds3_5bVHwXpbW09fjWqr-0",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "tJ1YoRe2SuabQ1KywWZ99uKfaUC-loq7IKcL3WJ4NtBoGaHlQWGaGFb3uYXTKLtgbGXSiVvgNhBQ24GvXuueDJ_08YMS5i5H90CwmdKGbriQhr1M1yPiUDc51CNCTak639qYXLWHwoPK97syLhualu0Dykn8zzcTW6JI9tsf7abJbQ5lRKvOS7EtVL0qPGnET0_2n_rp39BtwVOc2JuyQCXhd2w870o8nokEJ-aVTfhjbQFjZmgIuWm37Vsc6C4TzTA3sTQ-Yjg2e_jXQfl8dRd_ScmLPI9KBqaTsU-Y8biXdtP0B1cTteTuOWVWrwNUPg0iOwDAhYlrAfUoCulDwQ",
      "e": "AQAB",
      "x5c": [
        "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"
      ],
      "x5t": "f5q4XYH9ivERd94gBgfoiYzCwcE",
      "x5t#S256": "33RnGjlZBoZ8aal2M0Mm8xKERpfv-QafwIcoTHuQkm0"
    }
  ]
}
```
The public key above is listed in the JWKS format specified in RFC 7517. But many applications require public keys in PEM (Privacy Enhanced Mail) format.
actl should have a command to fetch and list OIDC issuer public keys in PEM format.
Edited by Simon Schürg
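A sketch of the requested conversion, added here as an example and not taken from actl: it builds a SubjectPublicKeyInfo (`BEGIN PUBLIC KEY`) PEM from the `n` and `e` members of the RSA key shown above using only the Python standard library. The function names are hypothetical, the choice of SubjectPublicKeyInfo as the PEM type is an assumption, and only `kty` `RSA` is handled; `x5c` is ignored.

```python
import base64

# AlgorithmIdentifier: rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def b64url_decode(value: str) -> bytes:
    """Decode the unpadded base64url used by JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value element (definite length)."""
    size = len(content)
    if size < 0x80:
        length = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(value: int) -> bytes:
    """Encode a non-negative INTEGER; a 0x00 is prepended when the top bit is set."""
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return tlv(0x02, raw)

def rsa_jwk_to_der(jwk: dict) -> bytes:
    """Build SubjectPublicKeyInfo DER from an RSA JWK's n and e."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA keys are handled in this example")
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    rsa_public_key = tlv(0x30, der_uint(n) + der_uint(e))
    # BIT STRING content begins with the number of unused bits (0)
    return tlv(0x30, RSA_ALG_ID + tlv(0x03, b"\x00" + rsa_public_key))

def der_to_pem(der: bytes) -> str:
    """Wrap DER in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# kty, e and n copied from the JWKS response shown above
PAGE_JWK = {"kty": "RSA", "e": "AQAB", "n": "tJ1YoRe2SuabQ1KywWZ99uKfaUC-loq7IKcL3WJ4NtBoGaHlQWGaGFb3uYXTKLtgbGXSiVvgNhBQ24GvXuueDJ_08YMS5i5H90CwmdKGbriQhr1M1yPiUDc51CNCTak639qYXLWHwoPK97syLhualu0Dykn8zzcTW6JI9tsf7abJbQ5lRKvOS7EtVL0qPGnET0_2n_rp39BtwVOc2JuyQCXhd2w870o8nokEJ-aVTfhjbQFjZmgIuWm37Vsc6C4TzTA3sTQ-Yjg2e_jXQfl8dRd_ScmLPI9KBqaTsU-Y8biXdtP0B1cTteTuOWVWrwNUPg0iOwDAhYlrAfUoCulDwQ"}

if __name__ == "__main__":
    print(der_to_pem(rsa_jwk_to_der(PAGE_JWK)), end="")
```

When a JWKS lists several keys, select the entry by `kid` before converting, and fetch the `jwks_uri` over HTTPS from the issuer's own metadata so the resulting PEM is bound to the issuer you intend to trust.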