kid of imported PEM keys

[joaovieira]

@panva, first of all, thank you for your amazing work with this library! 👏 👏

I've a got a question:

In my app I've got to decode tokens from multiple issuers, including one for AWS (see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#user-claims-encoding). The decoded header provides a kid which we use to fetch the public key from a remote server. While most of the issuers return JWKs that match the kid in the token header. E.g.:

const { header } = JWT.decode(token, { complete: true });
const jwk = await fetchPublicKey(header.kid);
const key = JWK.importKey(jwk);

console.log(header.kid === jwk.kid); // true
console.log(header.kid === key.kid); // true

AWS returns a PEM (PKCS#8) key from the endpoint. When imported, the kids don't match. E.g.:

const { header } = JWT.decode(token, { complete: true });
const pem = await fetchPublicKey(header.kid);
const key = JWK.importKey(pem);

console.log(header.kid === key.kid); // false

That means I could not use a JWKS.KeyStore to store and verify all tokens as the PEMs keys are never found:

const keyStore = new JWKS.KeyStore();
const { header } = JWT.decode(token, { complete: true });
const pem = await fetchPublicKey(header.kid);
const key = JWK.importKey(pem);
keyStore.add(pem);

JWT.verify(token, key); // works
JWT.verify(token, keyStore); // doesn't work

Just wanted to understand if this is the expected behaviour or some data corruption (wouldn't be surprised from AWS). I.e. the data in the JWT header being different from the PEM key content but somehow being the correct signature.

[panva]

@panva, first of all, thank you for your amazing work with this library! 👏 👏

thank you

Just wanted to understand if this is the expected behaviour or some data corruption (wouldn't be surprised from AWS)

There's no corruption, a PEM certificate has all the things necessary to calculate a thumbprint using RFC7638 but it does not have details on the kid which is an arbitrary string, this library (and many others) choose to use the RFC7638 thumbprint value as the kid when it is missing, just to always have one.

When importing a pem formatted key you ought to use the options object (https://github.com/panva/jose/tree/master/docs#jwkimportkeykey-options-asymmetric-key-import) to declare its kid, use and alg if you've gotten it via an out of band mechanism.

When kid is not imported during importKey (as part of either jwk formatted key or pem+options) it is computed using the method defined in RFC7638.

so in your aws sample you should do this

const pem = await fetchPublicKey(header.kid); // fetches PEM from AWS
const key = JWK.importKey(pem, { kid: header.kid }); // creates a key with the `kid` AWS assigned the key
keyStore.add(key);

keyStore.get(header.kid); // this will now return the key you want and so JWT.verify(keyStore) will work too

[panva]

> k = j.JWK.importKey(pem)
RSAKey {
  e: 'AQAB',
  kid: 'Bj1ccHv-y_ZoejJKWhAhBHLpnGSlawNAQUAMEQBd5L8', // calculated because it was missing
  kty: 'RSA',
  n: 'wHsrnJAaDkiGFnplMUi5Grfd4CEPUw9qboum3AhhuOEzf0uw_SOtOfLkkEOxHm5cp8CUNkHtENVK_O0VwF5UXBhetclgEnKf599R9JVWVN1aHEPuEfO29Jbx2k5YqqN7U1WWYPVKIJn_xVNbxhb6gtudSqQGI0ogrSbNb6UIxUILysbRmFN8d25kszDukf0KkssHGpuU8orfknxC8RoL228CRmgNK7o7KaGBLAta9uFeBSzbEHCV6Jn2givW1CfQFSK2npBk_rjsliPzm9D-Pk-DWW-eF1neo8zw7kAkMW0QBnVEYAVYcqxSX42Osl2d0l_KaskavT06unvCzjiRCw'
}
> k.kid
'Bj1ccHv-y_ZoejJKWhAhBHLpnGSlawNAQUAMEQBd5L8'
> k.thumbprint
'Bj1ccHv-y_ZoejJKWhAhBHLpnGSlawNAQUAMEQBd5L8'
> k = j.JWK.importKey(pem, { kid: 'foobar' })
RSAKey {
  e: 'AQAB',
  kid: 'foobar',
  kty: 'RSA',
  n: 'wHsrnJAaDkiGFnplMUi5Grfd4CEPUw9qboum3AhhuOEzf0uw_SOtOfLkkEOxHm5cp8CUNkHtENVK_O0VwF5UXBhetclgEnKf599R9JVWVN1aHEPuEfO29Jbx2k5YqqN7U1WWYPVKIJn_xVNbxhb6gtudSqQGI0ogrSbNb6UIxUILysbRmFN8d25kszDukf0KkssHGpuU8orfknxC8RoL228CRmgNK7o7KaGBLAta9uFeBSzbEHCV6Jn2givW1CfQFSK2npBk_rjsliPzm9D-Pk-DWW-eF1neo8zw7kAkMW0QBnVEYAVYcqxSX42Osl2d0l_KaskavT06unvCzjiRCw'
}
> k.kid
'foobar' // kid that was assigned
> k.thumbprint
'Bj1ccHv-y_ZoejJKWhAhBHLpnGSlawNAQUAMEQBd5L8' // still the calculated thumbprint

[joaovieira]

Fantastic! Missed that 🚀