How to use JsonWebToken when I don't have a DER and can't use command line tools #68

Closed
greglearns opened this issue Dec 4, 2018 · 4 comments

Comments

@greglearns

I have a rust service that needs to verify JWTs from 3rd-party services that I do not control. The 3rd party service (Portier, in this case) supplies the RSA public components (n modulus, and e exponent). Given that jsonwebtoken can only read DER encoded keys and that I cannot manually run the recommended command-line options for OpenSSL, what is the recommended way of being able to decode a JWT using JsonWebToken in a rust service?

Currently, I have been able to get an ssh public key from the rsa components (n, e) https://github.com/coreos/openssh-keys/blob/master/src/lib.rs#L363 but that seems like a dead end since a public ssh key doesn't seem to be easily converted to DER.

Any ideas?

@Keats
Owner

Keats commented Dec 5, 2018

I don't think there is currently an easy way to do that. It would be nice to have a function in jsonwebtoken that does the DER conversion, but I haven't looked into that yet.
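The DER conversion discussed above can be done by hand with no external tools. The following is an added example, not code from jsonwebtoken or from anyone in this thread: it builds a PKCS#1 `RSAPublicKey` (a SEQUENCE of two INTEGERs) from raw `n` and `e`. The function names are hypothetical, and it assumes `n` and `e` are already base64url-decoded to unsigned big-endian bytes and that the verifier expects PKCS#1 `RSAPublicKey` DER rather than SubjectPublicKeyInfo.

```rust
// Added example: DER-encode an RSA public key (PKCS#1 RSAPublicKey) from n and e.
// Function names are hypothetical; n and e are unsigned big-endian byte strings.

/// DER length octets: short form below 128, long form (0x80 | byte count) otherwise.
fn der_len(len: usize) -> Vec<u8> {
    if len < 0x80 {
        return vec![len as u8];
    }
    let bytes = len.to_be_bytes();
    let skip = bytes.iter().take_while(|b| **b == 0).count();
    let mut out = vec![0x80 | (bytes.len() - skip) as u8];
    out.extend_from_slice(&bytes[skip..]);
    out
}

/// DER INTEGER (tag 0x02) from an unsigned big-endian magnitude.
fn der_uint(mag: &[u8]) -> Vec<u8> {
    // DER requires the minimal encoding, so drop leading zero bytes first.
    let skip = mag.iter().take_while(|b| **b == 0).count();
    let mut body = mag[skip..].to_vec();
    // Zero is a single 0x00 byte; a set top bit needs a 0x00 pad so the
    // value is not parsed as a negative number.
    if body.is_empty() || (body[0] & 0x80) != 0 {
        body.insert(0, 0);
    }
    let mut out = vec![0x02];
    out.extend(der_len(body.len()));
    out.extend(body);
    out
}

/// RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
pub fn rsa_public_key_der(n: &[u8], e: &[u8]) -> Vec<u8> {
    let mut body = der_uint(n);
    body.extend(der_uint(e));
    let mut out = vec![0x30];
    out.extend(der_len(body.len()));
    out.extend(body);
    out
}

fn main() {
    // Constructed sample: a 2048-bit-sized modulus with the top bit set, e = 65537.
    let n = [0xC3u8; 256];
    let der = rsa_public_key_der(&n, &[0x01, 0x00, 0x01]);
    println!("{} bytes, header {:02x?}", der.len(), &der[..8]);
}
```

Two easy mistakes to check for in a hand-built key are a missing `0x00` pad on a modulus whose top bit is set and a non-minimal integer with leading zeros; a strict DER parser should reject both.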

@AaronFriel

AaronFriel commented Jan 2, 2019

@Keats there appears to be a function in Ring that will do this: https://briansmith.org/rustdoc/ring/signature/primitive/fn.verify_rsa.html

Would you consider a PR that would add a function with a signature like the following?

pub fn decode_rsa<T: DeserializeOwned>(
    token: &str,
    n: &[u8],
    e: &[u8],
    validation: &Validation,
) -> Result<TokenData<T>>

Edit: Added the missing key parameter to the signature of the method.

@mikeumus

@greglearns there are these methods from the azure-jwt (Rust) repo on GitHub that can convert a KEY to a DER format:

        // jwt library expects a `*.der` key which is a byte encoded file so
        // we need to convert the key from base64 to their byte value to use them.
        let private_key = from_base64_to_bytearray_non_url(PRIVATE_KEY_TEST).expect("priv_key");

@Keats
Owner

Keats commented Dec 12, 2019

v7 alpha also does it

Keats closed this as completed Jan 29, 2020