[Openid-specs-ab] Issue #167: (rp-id_token-kid_absent_multiple_jwks) JWK set is invalid for this test (openid/certification)
Edmund Jay
issues-reply at bitbucket.org
Wed Jul 29 21:43:07 UTC 2015
New issue 167: (rp-id_token-kid_absent_multiple_jwks) JWK set is invalid for this test
https://bitbucket.org/openid/certification/issues/167/rp-id_token-kid_absent_multiple_jwks-jwk
Edmund Jay:
The test description says: Identify that the 'kid' value is missing from the JOSE header and that the Issuer publishes multiple keys in its JWK Set document (referenced by 'jwks_uri'). Reject the ID Token since it can not be determined which key to use to verify the signature.
The JWK contains multiple keys but it contains 1 RS signature key, 1 RSA encryption key, 1 EC signature key, and 1 EC encryption key. The ID Token uses the RS256 signature so the key can be deduced from the JWK key set.
```json
{
  "keys": [
    {
      "use": "enc",
      "n": "1uEIILfdysUFLySlD-vcCS5tP2hOVqAgAlcG0J-4et3HKop5GdwYK7Z5WDecQmSDWimYhypi5nII6uFkyGGSuZ-IWfvwKZh9A-KQ5VAO7frabRG7wgUnm7IMfO0h2BeL6AI75FloT45Yg65CXZLru4zECSk2g4vjzo7AigjsVdXMwKPkDgkG6e_70a9IrHGSRnlujBE8GHWgPIP51q5LuY9BLoQ2YW8PyWE4q1fFB3yFd2HX9NA1BeGLqO7Uj0WGW-v3ZDPvtkYKYAy0WcmK0k9RDmvcx_B5qQyK6oq32E-mdkmvhGSG3-Wie07LreQX4Z2xZZyVMpUGV8TxBBPHIQ",
      "e": "AQAB",
      "kty": "RSA",
      "kid": "a0"
    },
    {
      "use": "sig",
      "n": "tAAzYdbiWDAKI8Q3s1crQRuVp0QXpyGgnzx_sGItC2rhdug68gE9v5mfK-7SJCBpuZXzX1YevJ25B0LhNQSWqvb6gYwlNHs33G8VmSzjpqFazItnhKMPnEehCXmPl7iFi8VV0NCC5_uH9xP61TClWsE8B7i4CV6y9B0hZI22p2M",
      "e": "AQAB",
      "kty": "RSA",
      "kid": "a1"
    },
    {
      "use": "sig",
      "crv": "P-256",
      "kty": "EC",
      "y": "BDoCmY-d67RHNgVfRcvU0F8aqsVB35qK0_DpfAZD-n4",
      "x": "akQjlPEXU4vdVTt-nvDesLWBBS79F9AJU_VWgMJ1Lk4",
      "kid": "a2"
    },
    {
      "use": "enc",
      "crv": "P-256",
      "kty": "EC",
      "y": "MDsXIqi5GWYJV3hYDCZePTjdZWebVGu8aiOuiJzmpYU",
      "x": "G466361H0oupaNZ762m0V81EDzrmprXIEmnpWgR2eW4",
      "kid": "a3"
    }
  ]
}
```
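The key selection described in the report, as an added example that is not part of the original post or of the certification suite's code: a relying party filters the JWK Set by `use`, `kty`, `crv` and `kid` and rejects the token unless exactly one candidate remains. The function names, the `KeySelectionError` class, the reduced sample key sets and the `b1` key are assumptions made for illustration.

```python
# Added example: choosing a verification key when the JOSE header has no "kid".
ALG_TO_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC"}
ES_CURVES = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}


class KeySelectionError(Exception):
    """Raised when zero or several JWKs could verify the token."""


def candidate_keys(header, jwks):
    """Return the JWKs that are usable for verifying a JWS with this header."""
    alg = header["alg"]
    kty = ALG_TO_KTY.get(alg[:2])
    if kty is None:                      # "none", HS*, or anything unexpected
        raise KeySelectionError(f"unsupported alg {alg!r}")
    out = []
    for jwk in jwks.get("keys", []):
        if jwk.get("kty") != kty:
            continue
        if jwk.get("use", "sig") != "sig":   # an absent "use" does not restrict the key
            continue
        if "alg" in jwk and jwk["alg"] != alg:
            continue
        if kty == "EC" and jwk.get("crv") != ES_CURVES.get(alg):
            continue
        if "kid" in header and jwk.get("kid") != header["kid"]:
            continue
        out.append(jwk)
    return out


def select_verification_key(header, jwks):
    """Return the single matching key, or reject when the choice is not unique."""
    keys = candidate_keys(header, jwks)
    if len(keys) != 1:
        raise KeySelectionError(f"{len(keys)} candidate keys for alg {header['alg']!r}")
    return keys[0]


# Constructed sample: same kid/use/kty layout as the JWK Set in the issue, key material omitted.
ISSUE_JWKS = {"keys": [
    {"kid": "a0", "use": "enc", "kty": "RSA"},
    {"kid": "a1", "use": "sig", "kty": "RSA"},
    {"kid": "a2", "use": "sig", "kty": "EC", "crv": "P-256"},
    {"kid": "a3", "use": "enc", "kty": "EC", "crv": "P-256"},
]}
# Constructed contrast case: a second RSA signing key ("b1" is made up) makes RS256 ambiguous.
AMBIGUOUS_JWKS = {"keys": ISSUE_JWKS["keys"] + [{"kid": "b1", "use": "sig", "kty": "RSA"}]}
```

With the key layout from the issue, an RS256 header without `kid` resolves to `a1` alone; only the contrast set with two RSA signing keys forces a rejection.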