JsonWebKey from the Library is not compliant with IETF

[maxonweb]

Question:
Azure.Security.KeyVault.Keys.JsonWebKey returned from the Library as per https://docs.microsoft.com/en-us/dotnet/api/azure.security.keyvault.keys.keyvaultkey.key?view=azure-dotnet does not have kty, kid, key_ops properties for e.g.,

IETF Link: https://tools.ietf.org/html/rfc7517

[jsquire]

Thank you for your feedback. Tagging and routing to the team member best able to assist.

[jsquire]

@heaths: I'm not sure if this is better routed to the service team. Would you be so kind as to triage and redirect if needed?

[heaths]

Those properties are serialized according to the spec, but have different names across our SDKs following idiomatic language conventions. For .NET:

• kty -> JsonWebKey.KeyType
• kid -> JsonWebKey.Id
• key_ops -> JsonWebKey.KeyOps

Other key parameters like k remain the same, though are cased idiomatically for the language, e.g. in .NET K.

Have you found a case where properties are not serialized to or from the Key Vault service correctly?

[maxonweb]

Which I can understand, but when I convert the Azure.Security.KeyVault.Keys.JsonWebKey object to Json, I expect the JSON produced to be IETF compliant. So with properties name KeyType, Id, KeyOps in the JSON it is not a IETF compliant JWK.

[heaths]

How are you converting it? Note we don't currently support serializing the JWK outside the SDK. When de/serialized within the SDK (like importing to or getting a key from Key Vault), then JWK is formatted correctly.

[maxonweb]

If I am not able to get a IETF compliant JSON out of the JsonWebKey object I am not going call it as IETF compliant. The previous library Microsoft.Azure.KeyVault.WebKey ToString() method used to produce JSON which was IETF compliant. This new library Azure.Security does not exhibit the same behavior - https://docs.microsoft.com/en-gb/dotnet/api/microsoft.azure.keyvault.webkey.jsonwebkey.tostring?view=azure-dotnet-legacy#Microsoft_Azure_KeyVault_WebKey_JsonWebKey_ToString

I was able to do

new Microsoft.IdentityModel.Tokens.JsonWebKeySet(Microsoft.Azure.KeyVault.WebKey.ToString())

which does not work the same way in this new library, when I do

new Microsoft.IdentityModel.Tokens.JsonWebKeySet(Azure.Security.KeyVault.Keys.JsonWebKey.ToString())

Reference:
https://docs.microsoft.com/en-us/dotnet/api/microsoft.identitymodel.tokens.jsonwebkeyset.-ctor?view=azure-dotnet#Microsoft_IdentityModel_Tokens_JsonWebKeySet__ctor_System_String_

[ghost]

Hi @maxonweb. Thank you, for your interest in helping to improve the Azure SDK experience and for your contribution. We've noticed that there hasn't been recent engagement on this pull request. If this is still an active work stream, please let us know by pushing some changes or leaving a comment. Otherwise, we'll close this out in 7 days.

[ghost]

Hi @maxonweb. There was a mistake and this issue was unintentionally flagged as a stale pull request. The label has been removed and the issue will remain active; no action is needed on your part. Apologies for the inconvenience.

[heaths]

Note: see https://datatracker.ietf.org/doc/html/rfc7517

[heaths]

Will add a JsonWebKeyConverter (since we standardize on System.Text.Json), but wanted to note that it will currently ignore any JsonSerializerOptions passed to it. Given it's an industry-standard format already, I suspect case-insensitive name handling unnecessary. Should it ever become necessary, it would not be hard to support by passing relevant properties like JsonSerializerOptions.PropertyNameCaseInsensitive or JsonSerializerOptions.PropertyNamingPolicy to the internal JsonWebKey.ReadProperties and JsonWebKey.WriteProperties methods.