Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

JWT: Support for x509 PEM cert

See original GitHub issue

Hello! Thanks for the nice work!

To provide a bit of backgorund , I am trying to use firebase authentication on cf workers environment. So I was trying to use this package until I find out, firebase-auth doesn’t provide JWKS.json instead they provide "public keys in (pem) format , to verify signature. Here are the keys for reference,

Is there a plan to support verifying JWT with public keys in this package? If you can give some hint on how to generate jwk from public keys, or if you think there is another way to do it, I would be happy to create a PR for the feature.


Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:2
  • Comments:8 (5 by maintainers)

github_iconTop GitHub Comments

m3haricommented, Dec 19, 2020

@jdanyow We were able to convert x509 certificate to CryptoKey following that blog post, but at the end it turns out firebase publishes JWKs with standard format here , though they don’t mention it in the docs. So we decided to use that.

As you can see firebase don’t publish the keys in the standard /.well-known/jwks.json path.

I will make a PR to cover such cases. I think adding optional keyset parameter will make it flexible.

jdanyowcommented, Dec 11, 2020

The keys you linked appear to be PEM encoded x509 certs. I found a blog post that describes how to parse these and eventually use importKey to get a CryptoKey. Assuming all that works you could then export the CryptoKey as a jwk that @cfworker/jwt can use.


// ... logic from blog post ...
// ...
// ...
const publicKey: CryptoKey = await crypto.subtle.importKey(/* logic from blog post */);
// export as jwk that @cfworker/jwt can use.
const jwk = await crypto.subtle.exportKey('jwk', publicKey);

Then you can pass the jwk to @cfworker/jwt’s importKey function (below). issuer should match the iss value found in the JWTs you’re trying to validate.

Hope that helps!

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to get a JSON Web Key (JWK) from a PEM-encoded X ...
509 certificate or keys. Developers working with JOSE and JWT may occasionally may need to create a public JWK or a public /...
Read more >
Problem validating JWT with X509 cert/pubkey from /jwks
I am trying to implement my server side JWT access token validation (in java) into my API code using a restful service filter....
Read more >
Generating X.509 certificates of BTP managed services
1) Generating a service key with certificate credentials​​ We typically use the client id and client secret to generate the JWT token from...
Read more >
Protecting REST Endpoints with JWTs: End-to-end Guide
The example below demonstrates how X.509 SSL Certificates can be used to sign and verify JWT tokens without having to use a pre-shared ......
Read more >
decode ruby/jwt using pem certificate - Stack Overflow
Assuming pem contains the pem encoded string cert = key = cert.public_key decoded_token = JWT.decode ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found