My goal is to determine which kid is used to sign a specific payload:

    try {
      bearerToken = getBearerToken(req.headers);
      console.log("token", { bearerToken });

      // if the bearerToken is signed by another kid, how do I know which key to use?

      let verifyBearerTokenKeystore = await jose.JWK.asKeyStore(mypubkey);
      verifyBearerTokenResult = await jose.JWS.createVerify(
        verifyBearerTokenKeystore
      ).verify(bearerToken);
    } catch (e) {
      console.error(e);
      return res.status(403).send("invalid bearer token");
    }

Full source

If I purposely broke this "kid": "z2U_owemqRLOQYEhiSX1fUrPp72hXSG6dKy8qUvu1DY" in ks.json, I expect node-jose to say:

    Error: kid z2U_owemqRLOQYEhiSX1fUrPp72hXSG6dKy8qUvu1DY not found

not

    Error: no key found

How do I make it tell me the kid (key id) it expects? Furthermore, how do verifiers extract the jwks_uri?

hendry
  • I think the solution to the problem is for me to decode the header from the jws, but I am not sure which library function does that for me. – hendry Dec 21 '21 at 07:50
  • https://github.com/cisco/node-jose/issues/330 – hendry Dec 21 '21 at 07:56
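
One way to do what the question asks, as an added example that is not part of the original post and not node-jose's own code: decode the compact JWS header to read the kid, look it up in the trusted key set, and name the missing kid in the error. It uses only Node's built-in `crypto`; `peekHeader`, `verifyByKid`, `makeSample` and the sample kid values are hypothetical names and constructed data.

```javascript
// Added example: select the verification key by the JWS header's kid.
const crypto = require("crypto");

const b64u = (x) => Buffer.from(x).toString("base64url");

// Decode the protected header of a compact JWS. Nothing is verified yet, so
// the result is untrusted input and is used only to look up a key.
function peekHeader(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
}

// Pick the key from the trusted JWKS by kid, then verify the signature.
// The verifier pins RS256 itself instead of accepting whatever alg the header names.
function verifyByKid(token, jwks) {
  const { kid, alg } = peekHeader(token);
  if (alg !== "RS256") throw new Error(`unexpected alg ${alg}`);
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (!jwk) throw new Error(`kid ${kid} not found`);
  const [h, p, s] = token.split(".");
  const key = crypto.createPublicKey({
    key: { kty: jwk.kty, n: jwk.n, e: jwk.e },
    format: "jwk",
  });
  const ok = crypto.verify(
    "RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("signature verification failed");
  return JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
}

// Constructed sample data: a throwaway RSA key pair, its JWKS and a signed token.
function makeSample(kid) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid }] };
  const header = b64u(JSON.stringify({ alg: "RS256", kid }));
  const payload = b64u(JSON.stringify({ sub: "demo" }));
  const sig = crypto
    .sign("RSA-SHA256", Buffer.from(`${header}.${payload}`), privateKey)
    .toString("base64url");
  return { jwks, token: `${header}.${payload}.${sig}` };
}

const sample = makeSample("constructed-kid-1");
console.log(peekHeader(sample.token).kid, verifyByKid(sample.token, sample.jwks));
```

The header is read before the signature is checked, so the kid only selects among keys the verifier already trusts. In OpenID Connect the jwks_uri comes from the issuer's discovery metadata that the verifier is configured with, not from the token.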

0 Answers