We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kty
alg
The following DPoP token is not accepted by https://github.com/solid/identity-token-verifier:
{ header: { alg: 'RS256', typ: 'dpop+jwt', jwk: { kty: 'RSA', kid: '3tjG2YeuINJZu1dsESrcDVLsH48wfPPJh_qvBX81Tcs', use: 'sig', alg: 'RSA', e: 'AQAB', n: '1JLhXFU_5eUoSXBg2QzuPL1zYgWY--3vEEgduukdODdieQXZOIWj2VKHxaHQzIgqQbZz8erx0DW6hGRbxKpkbVJbloK3zcVkPCooEctLDvTXARlpHihfAAh70IW2qK8jbaublaZ6WJg5pDLafLXwnMB6utg-MrdnFku_81WeDc93jCEs3UQOI80b_WpG1ZWnayy18cNKu-CyJIjwDjBpc7db5KTmkqkQdC-WKsHF4_-BM4nuX7zYQS6p1IUpjIBJDv2HkAaoanfP2xg42C3CBiFKHxBhYSytGgMRNX2Udj2ETDVCD0of2WCaRFqPQMuXtq_CWIFw6VflWDBq64iD_Q' } }, payload: { htu: 'http://localhost:3000/.acl', htm: 'GET', jti: '4d7c8dd5-a899-4907-a551-36e1ba76a30b', iat: 1613376843, exp: 1613380443 }, signature: '0SKJZL17j4sjqIR6_4o4ocNUV3xq60gmbZpsVzjaHy0o67FlZ4P3q3yFuIS0-3MOts3RNp5I6YllBfti-b9A4aVUATOKJcNvwQercWw5vvMg3v252XjV8E86Ir3oDVAlqHTEYX89AjeZ73PN9gI0x8D3pP0mr1wcpZcvj7jM4u57XN3GTH4uYATQT1wdAhmz9y_sKSw_7K0zZOC8ItfDtfdr1FROn2UyWdVzLeI_pbKHLv7CyngoKbJPZrwqYQ9sKXSXw4m9IH6-71RPTHhCUxG1EyC6igytCi6QmuSYm1sBWin-tuuCGFFvLRn0A_yWxWwCc5Sq_xeH15bWXerzMA' }
Note that both header.jwk.kty and header.jwk.alg have the value 'RSA'. It makes community-server output a validation error which is thrown in https://github.com/solid/identity-token-verifier/blob/0cbb50406717496ecc900d1e3171b2f7ee946a31/src/guards/DPoPJWKGuard.ts#L65 It checks if RSA is in Set { 'RS256', 'RS384', 'RS512' }, which it is not.
header.jwk.kty
header.jwk.alg
RSA
Set { 'RS256', 'RS384', 'RS512' }
And indeed, if you change header.jwk.alg to 'RS256', then community-server correctly logs:
Verified WebID via DPoP-bound access token: https://solid-crud-tests-example-1.solidcommunity.net/profile/card#me
The text was updated successfully, but these errors were encountered:
The jwk.alg field is incorrect. If present, the value should be one of those listed by IANA: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms
jwk.alg
In this case, the alg field should be RS256
RS256
Sorry, something went wrong.
Turns out NSS behaviour was fine, and it was solid-auth-fetcher that was setting the wrong value!
Fix nodeSolidServer/oidc-op#29
8da3b42
No branches or pull requests
The following DPoP token is not accepted by https://github.com/solid/identity-token-verifier:
Note that both
header.jwk.kty
andheader.jwk.alg
have the value 'RSA'.It makes community-server output a validation error which is thrown in https://github.com/solid/identity-token-verifier/blob/0cbb50406717496ecc900d1e3171b2f7ee946a31/src/guards/DPoPJWKGuard.ts#L65
It checks if
RSA
is inSet { 'RS256', 'RS384', 'RS512' }
, which it is not.And indeed, if you change
header.jwk.alg
to 'RS256', then community-server correctly logs:The text was updated successfully, but these errors were encountered: