Add "kty" to jose.JSONWebKey #229
Comments
To a certain extent, you can get this information by looking at the type of the key embedded in the struct, e.g. to see if it's *rsa.PublicKey or *ecdsa.PrivateKey etc. Would that address your particular use-case? |
Yup, but that needs a larger type assertion with all the different Public/Private types - wouldn't it be easier to just add the |
I'd be happy to expose |
Same here, I'll try to look into it however! |
Looking into this, we set the |
So, i think i'm actually running into a bug because of this. We're using the AzureAD support in go golang.org/x/oauth2, and we use jose.v2 to check signatures on our JWTs. With Azure AD, the According to the RFC, the Instead of relying on the existence of the What's happening now is, the Azure AD JWKs omit the
Or maybe i'm way off, and i've got things a bit screwed up on my end. |
Do you have an example token/code I could take a look at? |
Sure. I've got some now revoked tokens, and the JWKs that should work but they have some some company IDs in them. Do you have an e-mail address I can send them to? |
Yeah, you can email them to css (at) css.bio. An excerpt of the code you're using to verify etc. would also help me understand what you're trying to do. |
I may be running into this. Have you been able to replicate? |
While fields like
kid
oralg
are added tojose.JSONWebKey
,kty
is not. In some cases however (e.g. when fetching JWKs from remote) it is important to have that information available. I therefore suggest to add thekty
field tojose.JSONWebKey
.The text was updated successfully, but these errors were encountered: