how to configure RS256 key? #520

Closed
mpugach opened this issue Aug 23, 2018 · 3 comments

mpugach commented Aug 23, 2018

Hello

I have a public key https://krishna-academy-ua.eu.auth0.com/.well-known/jwks.json

Currently it fails here https://github.com/ueberauth/guardian/blob/v1.1.0/lib/guardian/token/jwt.ex#L300

How should the key data structure be formed? It does not work as it is

```elixir
config :my_mega_app_web, MyMegaAppWeb.Auth.Guardian,
  allowed_algos: ["RS256"],
  issuer: System.get_env("AUTH0_API_IDENTIFIER"),
  secret_key: "???",
  verify_issuer: true,
  verify_module: Guardian.JWT

config :my_mega_app_web, MyMegaAppWeb.Auth.Pipeline,
  error_handler: MyMegaAppWeb.Auth.ErrorHandler,
  module: MyMegaAppWeb.Auth.Guardian
```

```elixir
defmodule MyMegaAppWeb.Auth.Pipeline do
  @moduledoc false

  use Guardian.Plug.Pipeline, otp_app: :my_mega_app_web

  plug Guardian.Plug.VerifyHeader
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource, allow_blank: true
end
```

```elixir
defmodule MyMegaAppWeb.Router do
  use MyMegaAppWeb, :router

  pipeline :api_authenticated do
    plug(:accepts, ["json-api", "json"])
    plug(MyMegaAppWeb.Auth.Pipeline)
    plug(JaSerializer.Deserializer)
  end

  scope "/api/v1", MyMegaAppWeb, as: :api_v1 do
    pipe_through(:api_authenticated)

    get("/users/me", CurrentUserController, :show)
  end
end
```

If I put IEx.pry here https://github.com/ueberauth/guardian/blob/v1.1.0/lib/guardian/token/jwt.ex#L300
it gives the following payload and responds with 401 later

```
#pry(18)> JWT.verify_strict(secret, algos, token)
{false, 
 %JOSE.JWT{
   fields: %{
     "aud" => ["https://krishna-academy-ua.eu.auth0.com/userinfo"],
     "azp" => "some hash here",
     "exp" => 1535032792,
     "iat" => 1535025592,
     "iss" => "https://krishna-academy-ua.eu.auth0.com/",
     "scope" => "openid profile email",
     "sub" => "google-oauth2|111222333444555666777888"
   }
 },
 %JOSE.JWS{
   alg: {:jose_jws_alg_rsa_pkcs1_v1_5, :RS256},
   b64: :undefined,
   fields: %{
     "kid" => "and here is also some hash",
     "typ" => "JWT"
   }
 }}
```

yordis commented Aug 23, 2018

It would be helpful if you post some code snippet and the error output so we can see the stack trace of it.


mpugach commented Aug 23, 2018

Thank you @yordis for the quick response

Attached some code, but it is more a configuration issue

I need some help to convert my public key payload (the first link) to the format accepted by secret_key config parameter


mpugach commented Aug 24, 2018

the valid format is

```elixir
%{
  "alg" => "RS256",
  "kty" => "RSA",
  "use" => "sig",
  "x5c" => [
    "MIIDGTCCAgGgAwIBAgIJSgNeCzv/721VMA0GCSqGSIb3DQEBCwUAMCoxKDAmBgNVBAMTH2tyaXNobmEtYWNhZGVteS11YS5ldS5hdXRoMC5jb20wHhcNMTgwNzExMTgwNTE2WhcNMzIwMzE5MTgwNTE2WjAqMSgwJgYDVQQDEx9rcmlzaG5hLWFjYWRlbXktdWEuZXUuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6XmZxnobQD1yKLTCT1LMCVCEQ3uVA5sP7szF6UPQTDauZLD4JPy5MQzZ0Qm7GL/4VU/RGp1eIP3SHvvGZtfZqEud7QbKevUmeB63FKzchdzVfZtTNiGqcdJ8k7ozlYAzmPU+KmpRKfeFv4YldyHE6cEOk6P61vKTrZRXQN+6WL7Wlkv0V2NV94mlWvWVI/KsU16amieYXlsg145iIc7nBcoOdsoU7AEthz/jQbuVnGdWWSL4hq8K0ykAH7MdXp2smDPGhXUO+TUIQBTYw1Hd1jjywCebUZuJYPns7UtbP8ikHfsWJWXe3pi23iS0qv/NT7wsMRXYvJWdz30PokuO1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSk2w1Eo+1JoZGgS36S8iHq6fjQ4zAOBgNVHQ8BAf8EBAMCAoQwDQYJKoZIhvcNAQELBQADggEBALEUbhgWGyz7+/v1FsTaBwZUXkW4JVkpttgBS768nMP6Jerd1jRFbR+ffET+pPHm7+r9kNfdQmbJnlJH07s3Wex4MPUxAPmjPoE4d76xhJLLU+yc+T4d6p+PbatK34+HsXARi07xVCHd8xo7geHsvaud0X0tCzTT+TnxyVO6J7PQGMV8U/EO2OZmwhPbRWrYwTq0iKyFgBv76Ksd9UfAL9wO3LCMls2alIx20a/0iRj34S95hgJXMlVm8JsojJPtYJju3wzz3i/ZP0n3easoNKUZIZabxAs6V5MSSxPeY0Z6G5OdNPxJfinfWZ4qv4ApDDZNNTLhY/+xqaSeNArpj3M="
  ],
  "n" => "6XmZxnobQD1yKLTCT1LMCVCEQ3uVA5sP7szF6UPQTDauZLD4JPy5MQzZ0Qm7GL_4VU_RGp1eIP3SHvvGZtfZqEud7QbKevUmeB63FKzchdzVfZtTNiGqcdJ8k7ozlYAzmPU-KmpRKfeFv4YldyHE6cEOk6P61vKTrZRXQN-6WL7Wlkv0V2NV94mlWvWVI_KsU16amieYXlsg145iIc7nBcoOdsoU7AEthz_jQbuVnGdWWSL4hq8K0ykAH7MdXp2smDPGhXUO-TUIQBTYw1Hd1jjywCebUZuJYPns7UtbP8ikHfsWJWXe3pi23iS0qv_NT7wsMRXYvJWdz30PokuO1w",
  "e" => "AQAB",
  "kid" => "MzI5QzgzOTNBREY4NkFFNDY1NTY3ODVBQjlBOTk1MkZCQzVFMTBGNA",
  "x5t" => "MzI5QzgzOTNBREY4NkFFNDY1NTY3ODVBQjlBOTk1MkZCQzVFMTBGNA"
}
```

I tried atom keys first, which did not work

mpugach closed this as completed Aug 24, 2018
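
The resolution above is a string-keyed JWK map taken from the JWKS document. The following is an added example, not code from this issue or from Guardian: it selects the RSA signing key by `kid` from a JWKS document and verifies a token with the algorithm pinned to RS256. The module name `JwksKey`, the `jose` and `jason` packages, the generated key pair, the `kid` value and the claims are all assumptions made for the example.

```elixir
# Added example: run as a script (assumes Elixir >= 1.12 for Mix.install).
Mix.install([:jose, :jason])

defmodule JwksKey do
  # Hypothetical helper, not part of Guardian or JOSE.
  @algos ["RS256"]

  # Pick the RSA signing key with the given kid from a JWKS document.
  # Jason.decode!/1 yields string-keyed maps, the shape the issue found to work.
  def select(jwks_json, kid) do
    jwks_json
    |> Jason.decode!()
    |> Map.get("keys", [])
    |> Enum.find(fn key ->
      key["kid"] == kid and key["kty"] == "RSA" and Map.get(key, "use", "sig") == "sig"
    end)
  end

  # Verify a compact token against the JWKS, accepting RS256 only.
  def verify(token, jwks_json) do
    %JOSE.JWS{fields: header} = JOSE.JWT.peek_protected(token)

    case select(jwks_json, header["kid"]) do
      nil ->
        {:error, :unknown_kid}

      key ->
        case JOSE.JWT.verify_strict(JOSE.JWK.from_map(key), @algos, token) do
          {true, %JOSE.JWT{fields: claims}, _jws} -> {:ok, claims}
          _ -> {:error, :invalid_signature}
        end
    end
  end
end

# Constructed sample input: a throwaway key pair published as a one-key JWKS.
private = JOSE.JWK.generate_key({:rsa, 2048})
{_, public_map} = JOSE.JWK.to_public_map(private)
kid = "constructed-kid-1"
entry = Map.merge(public_map, %{"kid" => kid, "use" => "sig", "alg" => "RS256"})
jwks = Jason.encode!(%{"keys" => [entry]})

# Sign constructed claims with the private key and the given protected header.
sign = fn header ->
  JOSE.JWT.sign(private, header, %{"sub" => "constructed|user"}) |> JOSE.JWS.compact() |> elem(1)
end

IO.inspect(JwksKey.verify(sign.(%{"alg" => "RS256", "kid" => kid}), jwks))
IO.inspect(JwksKey.verify(sign.(%{"alg" => "RS256", "kid" => "other"}), jwks))
```

The map returned by `JwksKey.select/2` has the same string-keyed shape as the one posted above for `secret_key`.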