Introduce native support for raw ECDSA keys in JsonWebKeySet.GetSigningKeys() #487

Open
PinpointTownes opened this Issue Aug 17, 2016 · 7 comments

Comments

Projects
None yet
4 participants
@PinpointTownes
Contributor

PinpointTownes commented Aug 17, 2016

#62 was closed, but AFAICT, raw ECDSA keys are still not supported in the latest bits:
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Tokens/JsonWebKeySet.cs#L103

Wilson should target .NET Standard 1.6 and use ECDsa.Create(ECParameters) to create new ECDSA keys from EC-based JWKs.

/cc @brentschmaltz @polita

@brentschmaltz brentschmaltz added this to the 5.0.1 milestone Aug 19, 2016

@brentschmaltz brentschmaltz added Fix 5.x and removed Release 5.x labels Aug 19, 2016

@brentschmaltz brentschmaltz self-assigned this Sep 16, 2016

@brentschmaltz brentschmaltz modified the milestones: 5.1.1 point release with bug fixes, 5.1.0 Nov 8, 2016

@brentschmaltz brentschmaltz modified the milestones: Backlog, 5.1.1 point release with bug fixes Jan 4, 2017

@brentschmaltz brentschmaltz removed the Fix 5.x label Feb 7, 2017

@brentschmaltz brentschmaltz modified the milestones: 5.x Release, Backlog Feb 7, 2017

@brentschmaltz brentschmaltz modified the milestones: 5.2.0, 5.x Release Aug 24, 2017

aarondandy commented Mar 8, 2018

This took me a little while to track down and looks like it has been languishing for a while. I'm assuming it's not a priority for Azure, which is fair but I would like to use ECDsa. Would it be possible to get a conversation started here about the community contributing this extra parsing for the key type?

Member

brentschmaltz commented Mar 22, 2018

@aarondandy @PinpointTownes I agree we need a 1.6 target.
We will see if we can fit this into our next release.

Contributor

PinpointTownes commented Mar 22, 2018

@brentschmaltz oh, you guys are still alive? :trollface:

Member

brentschmaltz commented Mar 22, 2018

@PinpointTownes yes sir.

Member

brentschmaltz commented Apr 23, 2018

We will get this into the June release

Member

brentschmaltz commented Jun 15, 2018

@PinpointTownes we need to push this to August 5.2.4 release.

@brentschmaltz brentschmaltz reopened this Jun 15, 2018

@brentschmaltz brentschmaltz modified the milestones: 5.2.3, 5.2.4 Jun 15, 2018

bearkat2173 commented Aug 11, 2018

Please also improve the error messaging for unsupported algorithms. JwtSecurityTokenHandler currently reports

Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: 'IDX10501: Signature validation failed. Unable to match 'kid...

It took many agonizing hours to track the issue down to JsonWebKeySet, confirming my suspicion that ECDSA is, in fact, not supported.
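
An added example, not part of the thread and not the library's own code: a sketch of the conversion suggested in the opening post, building an `ECDsa` verification key from the `crv`, `x` and `y` members of an EC JWK with `ECDsa.Create(ECParameters)`, and naming the unsupported `kty` or `crv` in the exception as requested in the last comment. The helpers `FromJwk`, `Encode` and `Decode` and the `sample-kid` value are hypothetical, and the sample key is generated inline rather than taken from a real key set.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class EcJwkExample
{
    // JWK members are base64url without padding (RFC 7515, section 2).
    static string Encode(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] Decode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Hypothetical helper: builds a verification key from the members of one JWK.
    static ECDsa FromJwk(string kid, string kty, string crv, string x, string y)
    {
        // Name the unsupported type instead of silently skipping the key.
        if (kty != "EC")
            throw new NotSupportedException($"JWK '{kid}': unsupported kty '{kty}'.");
        ECCurve curve; int size;
        switch (crv)
        {
            case "P-256": curve = ECCurve.NamedCurves.nistP256; size = 32; break;
            case "P-384": curve = ECCurve.NamedCurves.nistP384; size = 48; break;
            case "P-521": curve = ECCurve.NamedCurves.nistP521; size = 66; break;
            default: throw new NotSupportedException($"JWK '{kid}': unsupported crv '{crv}'.");
        }
        byte[] qx = Decode(x), qy = Decode(y);
        // RFC 7518, section 6.2.1: coordinates are fixed-length octet strings for the curve.
        if (qx.Length != size || qy.Length != size)
            throw new CryptographicException($"JWK '{kid}': x/y length does not match {crv}.");
        return ECDsa.Create(new ECParameters { Curve = curve, Q = new ECPoint { X = qx, Y = qy } });
    }

    static void Main()
    {
        // Constructed sample: a fresh P-256 key whose public point stands in for a published JWK.
        using (ECDsa signer = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            ECParameters pub = signer.ExportParameters(false);
            byte[] data = Encoding.ASCII.GetBytes("header.payload");
            byte[] sig = signer.SignData(data, HashAlgorithmName.SHA256);
            using (ECDsa verifier = FromJwk("sample-kid", "EC", "P-256", Encode(pub.Q.X), Encode(pub.Q.Y)))
                Console.WriteLine(verifier.VerifyData(data, sig, HashAlgorithmName.SHA256));
        }
    }
}
```

`SignData` and `VerifyData` on `ECDsa` use the fixed-length concatenation of r and s, which is the same signature encoding JWS specifies for ES256, so no DER conversion is needed between the two.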
