This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Invalid JsonWebKey when it is ECDsaSecurityKey at DiscoveryResponseGenerator #4036

Closed
brunobritodev opened this issue Feb 3, 2020 · 2 comments

brunobritodev commented Feb 3, 2020

We can only help you if you are on the latest version. Either use the latest 2.x or 3.x
Latest version: 3.1

Issue / Steps to reproduce the problem

At AddSigningCredentials it is possible to pass some SecurityKeys (RSA, ECDsa...) as an argument.

If you create an ECDsaSecurity and convert it to a JsonWebKey, then IdentityServer4 doesn't get the crv parameter from the JsonWebKey.

At our prod servers we decided to keep all SecurityKeys in Microsoft.IdentityModel.Tokens.JsonWebKey form, so it's easy to manage and store them. But we caught this bug in our Production server when we changed from PS256 to ES256.

jwks_uri endpoint:
1 - ECDsaSecurityKey
2 - RSA...
3 - JsonWebToken with ECDsaSecurityKey params.

Bug at DiscoveryResponseGenerator.cs:

// line 474
else if (key.Key is JsonWebKey jsonWebKey)
{
    var webKey = new Models.JsonWebKey
    {
        kty = jsonWebKey.Kty,
        use = jsonWebKey.Use ?? "sig",
        kid = jsonWebKey.Kid,
        x5t = jsonWebKey.X5t,
        e = jsonWebKey.E,
        n = jsonWebKey.N,
        x5c = jsonWebKey.X5c?.Count == 0 ? null : jsonWebKey.X5c.ToArray(),
        alg = jsonWebKey.Alg,
        // Maybe here should have crv:
        x = jsonWebKey.X,
        y = jsonWebKey.Y
    };

    webKeys.Add(webKey);
}
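
An added example, not part of the original issue or of IdentityServer4: a check that can be run over a jwks_uri response body to catch EC keys published without crv, as reported above. It assumes the required members from RFC 7518 (sections 6.2.1 and 6.3.1); the function names and sample keys are constructed for illustration.

```python
import base64
import json

# Required members per key type (RFC 7518 sections 6.2.1 and 6.3.1).
REQUIRED = {"EC": ("crv", "x", "y"), "RSA": ("n", "e")}
# Coordinate size in bytes for each curve, and the curve each ES* alg implies.
COORD_LEN = {"P-256": 32, "P-384": 48, "P-521": 66}
ALG_CURVE = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}


def b64url_len(value):
    """Length in bytes of an unpadded base64url string."""
    return len(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))


def check_jwk(jwk):
    """Return a list of problems that would stop a client using this key."""
    kty = jwk.get("kty")
    if kty not in REQUIRED:
        return [f"unsupported kty {kty!r}"]
    problems = [f"missing {m}" for m in REQUIRED[kty] if not jwk.get(m)]
    if kty != "EC" or problems:
        return problems
    crv = jwk["crv"]
    if crv not in COORD_LEN:
        return [f"unknown crv {crv!r}"]
    for m in ("x", "y"):
        if b64url_len(jwk[m]) != COORD_LEN[crv]:
            problems.append(f"{m} is not {COORD_LEN[crv]} bytes for {crv}")
    expected = ALG_CURVE.get(jwk.get("alg"))
    if expected and expected != crv:
        problems.append(f"alg {jwk['alg']} requires {expected}, got {crv}")
    return problems


def check_jwks(document):
    """Map kid -> problems for every key in a jwks_uri response body."""
    keys = json.loads(document)["keys"]
    return {k.get("kid", f"#{i}"): check_jwk(k) for i, k in enumerate(keys)}


# Constructed sample (placeholder bytes, not a real curve point): the same
# EC key as it would be published without and with the crv member.
XY = base64.urlsafe_b64encode(bytes(range(32))).rstrip(b"=").decode()
SAMPLE = json.dumps({"keys": [
    {"kty": "EC", "use": "sig", "kid": "no-crv", "alg": "ES256", "x": XY, "y": XY},
    {"kty": "EC", "use": "sig", "kid": "with-crv", "alg": "ES256",
     "crv": "P-256", "x": XY, "y": XY},
]})
```

Calling `check_jwks(SAMPLE)` reports the key without crv and passes the complete one; the same function can be pointed at the body fetched from a deployment's jwks_uri after a signing-algorithm change.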
@leastprivilege

Thanks. Merged.

Hi,

merged to master. If you want that fix to appear in 3.1.1, please do a PR against

https://github.com/IdentityServer/IdentityServer4/tree/releases/3.1.x

lock bot commented Mar 10, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Mar 10, 2020