package oauth2
import (
"encoding/base64"
"fmt"
"net/http"
)
// JSONWebKeySet is the JSON document served by the JWKS endpoint: a single
// "keys" member holding every published JSONWebKey.
type JSONWebKeySet struct {
	// Keys lists the published keys in the order they were appended.
	Keys []JSONWebKey `json:"keys"`
}
// JSONWebKey is one entry of a JSONWebKeySet. For now it models elliptic
// curve keys only.
//
// The struct carries public parameters exclusively: there is no field for
// the private scalar ("d"), so marshalling a JSONWebKey cannot emit private
// key material.
type JSONWebKey struct {
	// Kid is the key identifier.
	Kid string `json:"kid"`
	// Kty is the key type; handleJWKS always sets it to "EC".
	Kty string `json:"kty"`
	// Crv is the curve name.
	Crv string `json:"crv"`
	// X is the base64url-encoded (unpadded) x coordinate of the public point.
	X string `json:"x"`
	// Y is the base64url-encoded (unpadded) y coordinate of the public point.
	Y string `json:"y"`
}
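// handleJWKS serves the authorization server's public signing keys as a
// JSON Web Key Set.
//
// Only GET is accepted; any other method is answered with 405 and an Allow
// header. Every key returned by srv.PublicKeys() is published as an "EC" JWK
// whose coordinates are base64url-encoded without padding.
func (srv *AuthorizationServer) handleJWKS(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		// A 405 response is required to name the methods the resource supports.
		w.Header().Set("Allow", http.MethodGet)
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}

	// Start from an empty, non-nil slice. Presumably writeJSON uses
	// encoding/json, in which case a server without keys emits "keys": []
	// instead of "keys": null — confirm against writeJSON.
	keySet := &JSONWebKeySet{Keys: []JSONWebKey{}}
	for kid, key := range srv.PublicKeys() {
		params := key.Params()

		// RFC 7518 §6.2.1.2 and §6.2.1.3 require "x" and "y" to be the full
		// coordinate size for the curve (32 octets for P-256, 66 for P-521).
		// big.Int.Bytes() drops leading zero octets, so roughly one key in 128
		// would be published with a short coordinate and be rejected by strict
		// verifiers. FillBytes left-pads to the fixed width instead.
		// Assumes key.X and key.Y are *big.Int, as in ecdsa.PublicKey.
		size := (params.BitSize + 7) / 8
		x := key.X.FillBytes(make([]byte, size))
		y := key.Y.FillBytes(make([]byte, size))

		keySet.Keys = append(keySet.Keys, JSONWebKey{
			// Currently, our kid is simply a 0-based index value of our
			// signing keys array.
			// NOTE(review): an index is reassigned whenever keys are added,
			// removed or reordered, so clients that cache the set by kid can
			// pair a token with the wrong key after rotation. A kid derived
			// from the key itself (e.g. an RFC 7638 thumbprint) stays stable.
			Kid: fmt.Sprintf("%d", kid),
			Crv: params.Name,
			Kty: "EC",
			X:   base64.RawURLEncoding.EncodeToString(x),
			Y:   base64.RawURLEncoding.EncodeToString(y),
		})
	}

	srv.writeJSON(w, keySet)
}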