Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate Signature #11

Open
AnnaBilo opened this issue May 10, 2022 · 6 comments
Open

Validate Signature #11

AnnaBilo opened this issue May 10, 2022 · 6 comments
Assignees
@skriesch @prebbe @RumiAust
Labels
Est. Size 3 Real Size 3
Projects
OpenID Connect Doctor Backlogs

Comments

@AnnaBilo
Copy link
Collaborator

AnnaBilo commented May 10, 2022
edited by mindtheme

User Story

  1. As a user
  2. I want to be able to validate a signature
  3. So that I can confirm its validity

Acceptance Criteria

  • validate the signature of a token, provided a public key
  • Extract the algorithm used to sign the token
  • Given a signature function and a token, the validity of a token is confirmed
@AnnaBilo AnnaBilo created this issue from a note in OpenID Connect Doctor Backlogs (Product backlog) May 10, 2022
@mindtheme
Copy link
Collaborator

The public keys of an identity provider are accessible over their jwks_uri

@mindtheme
Copy link
Collaborator

https://www.npmjs.com/package/jsonwebtoken (used by the customer)

@AnnaBilo AnnaBilo moved this from Product backlog to Sprint backlog in OpenID Connect Doctor Backlogs Jun 8, 2022
@skriesch skriesch moved this from Sprint backlog to In progress in OpenID Connect Doctor Backlogs Jun 12, 2022
skriesch added a commit that referenced this issue Jun 12, 2022
@skriesch
Update nodejs to 8.12.1 and install node-jsonwebtoken for validation …
93afa4e 
…of the signature #11

Signed-off-by: Sarah Julia Kriesch <sarah.j.kriesch@fau.de>
@skriesch
Copy link
Collaborator

I have created our development branch for this task and have added the jsonwebtoken library.

@skriesch
Copy link
Collaborator

I look, that I can use jwt.verify for the verification: https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback

@AnnaBilo AnnaBilo moved this from In progress to Product backlog in OpenID Connect Doctor Backlogs Jun 15, 2022
@mindtheme mindtheme moved this from Product backlog to Sprint backlog in OpenID Connect Doctor Backlogs Jun 15, 2022
@skriesch skriesch moved this from Sprint backlog to In progress in OpenID Connect Doctor Backlogs Jun 18, 2022
@mindtheme mindtheme moved this from In progress to Product backlog in OpenID Connect Doctor Backlogs Jun 22, 2022
@AnnaBilo AnnaBilo moved this from Product backlog to Sprint backlog in OpenID Connect Doctor Backlogs Jun 22, 2022
@skriesch
Copy link
Collaborator

Philip has implemented and added the validation of the token (incl. the signature) last week with e32b465

@RumiAust Should we add an output of the validation into the frontend to complete this task? That would complete the acceptance criteria "the validity of a token is confirmed".

@RumiAust
Copy link
Collaborator

@skriesch I think in the front end we just need to show a confirmation message of signature validity.

skriesch added a commit that referenced this issue Jun 28, 2022
@skriesch
Expand signature validation with the output of the signature together…
43f72c3 
… with header and payload #11

Signed-off-by: Sarah Julia Kriesch <sarah.j.kriesch@fau.de>
@skriesch skriesch mentioned this issue Jun 28, 2022
Closed
@skriesch skriesch moved this from Sprint backlog to In progress in OpenID Connect Doctor Backlogs Jun 28, 2022
skriesch added a commit that referenced this issue Jun 28, 2022
@skriesch
Add function extractSignature with jose utility generate_key_pair #11
05827c1 
Signed-off-by: Sarah Julia Kriesch <sarah.j.kriesch@fau.de>
skriesch added a commit that referenced this issue Jun 29, 2022
@skriesch
Add additional function for key decoding without JSON #11
5554a74 
Signed-off-by: Sarah Julia Kriesch <sarah.j.kriesch@fau.de>
@AnnaBilo AnnaBilo assigned prebbe, skriesch and RumiAust and unassigned skriesch, prebbe and RumiAust Jun 29, 2022
@AnnaBilo AnnaBilo moved this from In progress to Feature archive in OpenID Connect Doctor Backlogs Jun 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skriesch skriesch

@prebbe prebbe

@RumiAust RumiAust

Labels
Est. Size 3 Real Size 3
Projects
OpenID Connect Doctor Backlogs
Feature archive
Milestone
No milestone
5 participants
@skriesch @prebbe @RumiAust @AnnaBilo @mindtheme