Base64 encoding issue when processing JWKS due to trailing '=' characters #144

Closed
nbaars opened this issue Jun 26, 2023 · 0 comments · Fixed by #145

nbaars commented Jun 26, 2023

When using the mock to interact with a Go library the parsing fails:

but could not unmarshal as JSON: illegal base64 data at input byte

The JWKS is as follows:

{
  "keys": [
    {
      "kid": "keyId",
      "use": "sig",
      "alg": "RS256",
      "kty": "RSA",
      "n": "AKzaf4nijuwtAn9ieZaz-iGXBp1pFm6dJMAxRO6ax2CV9cBFeThxrKJNFmDY7j7gKRnrgWxvgJKSd3hAm_CGmXHbTM8cPi_gsof-CsOohv7LH0UYbr0UpCIJncTiRrKQto7q_NOO4Jh1EBSLMPX7MzttEhh35Ue9txHLq3zkdkR6BR6nGS7QxEg7FzYzA4IooV59OPr-TvlDxbEpwc1wkRZDGavo-WjngAt7m_BEQtHnav3whitbrMmi_1tWY8cQbO9D4FuQTM7yvACLSv94G2TCvsjm_gGJmOJyRBkI1r-uEIfhz9-VIKlswqapKSul-Hoxv5NycucRa4xi4N39dfM=",
      "e": "AQAB"
    }
  ]
}

The n however uses a base-64 encoding with a trailing = which is not allowed according to the spec, see: https://datatracker.ietf.org/doc/html/rfc7515#appendix-C:

Base64url Encoding
Base64 encoding using the URL- and filename-safe character set
defined in Section 5 of RFC 4648 [RFC4648], with all trailing '='
characters omitted (as permitted by Section 3.2) and without the
inclusion of any line breaks, whitespace, or other additional
characters. Note that the base64url encoding of the empty octet
sequence is the empty string. (See Appendix C for notes on
implementing base64url encoding without padding.)
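The failure reported above, reproduced as an added example; it is not code from keycloak-mock or from the Go library the reporter used. The names `sampleJWKS`, `CheckJWKS` and `EncodeUint` are hypothetical, and the short modulus in the sample is constructed. It checks each key's `n` and `e` with Go's unpadded base64url codec, which is what RFC 7515 requires, and shows the encoder call that yields the compliant form.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
)

// Constructed sample: same shape as the JWKS in the issue, with a short
// made-up modulus. "n" carries '=' padding (the defect); "e" is compliant.
const sampleJWKS = `{"keys":[{"kid":"keyId","kty":"RSA","n":"AKzaf4k=","e":"AQAB"}]}`

type jwks struct {
	Keys []struct {
		Kid string `json:"kid"`
		N   string `json:"n"`
		E   string `json:"e"`
	} `json:"keys"`
}

// CheckJWKS decodes "n" and "e" of every key with the unpadded base64url
// codec (RFC 7515) and returns one finding per member that fails.
func CheckJWKS(doc string) ([]string, error) {
	var set jwks
	if err := json.Unmarshal([]byte(doc), &set); err != nil {
		return nil, err
	}
	var findings []string
	for i, k := range set.Keys {
		for _, m := range [][2]string{{"n", k.N}, {"e", k.E}} {
			if _, err := base64.RawURLEncoding.DecodeString(m[1]); err != nil {
				findings = append(findings,
					fmt.Sprintf("keys[%d] (kid=%s) %s: %v", i, k.Kid, m[0], err))
			}
		}
	}
	return findings, nil
}

// EncodeUint renders an RSA parameter without padding, the form the spec asks for.
func EncodeUint(v *big.Int) string {
	return base64.RawURLEncoding.EncodeToString(v.Bytes())
}

func main() {
	findings, err := CheckJWKS(sampleJWKS)
	fmt.Println(findings, err)
	fmt.Println(EncodeUint(big.NewInt(65537)))
}
```

Run against a JWKS endpoint's response in a test, an empty findings list means strict consumers will accept the key material's encoding.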

nbaars pushed a commit to nbaars/keycloak-mock that referenced this issue Jun 26, 2023
The spec states (see https://datatracker.ietf.org/doc/html/rfc7515#appendix-C) that all trailing '=' characters should be omitted.

Resolves TNG#144
nbaars pushed a commit to nbaars/keycloak-mock that referenced this issue Jun 26, 2023
The spec states (see https://datatracker.ietf.org/doc/html/rfc7515#appendix-C) that all trailing '=' characters should be omitted.

Resolves TNG#144

Signed-off-by: Nanne Baars <nanneb@gmail.com>
nbaars pushed a commit to nbaars/keycloak-mock that referenced this issue Jul 4, 2023
The spec states (see https://datatracker.ietf.org/doc/html/rfc7515#appendix-C) that all trailing '=' characters should be omitted.

Resolves TNG#144

Signed-off-by: Nanne Baars <nanneb@gmail.com>
ostrya pushed a commit that referenced this issue Jul 4, 2023
The spec states (see https://datatracker.ietf.org/doc/html/rfc7515#appendix-C) that all trailing '=' characters should be omitted.

Resolves #144

Signed-off-by: Nanne Baars <nanneb@gmail.com>