# talk-kratos
b
Hello, can anyone tell me how I can verify the JSON web token converted from a Kratos session using PHP? Now I can validate the token when it is generated by oauth2/token, so the problem I faced is that when I convert the session token to a JWT it doesn’t work.
c
I don't think ORY session tokens are JWTs.
b
I can convert the Kratos session token to a JWT, but when I try to validate it using JWKS it throws errors.
c
Which jwks are you using?
Looking at the PR for tokenizing the session to JWT, it's unclear if it uses the JWKS from hydra, oathkeeper or a new one
b
However, do you know how I can have the same validation format in my middleware, JWT, Kratos session ...
c
So you generated a JWKS yourself and added it to the kratos config?
b
exactly
c
What URL are you using for JWKs in PHP?
b
I use this one, .well-known/jwks.json, and add in the one I created myself, but now the issue I faced is:
{"status":"failure","statusCode":1,"statusDescription":"Key data must be for a public key"}
$jwks = file_get_contents(sprintf('%s/.well-known/jwks.json',env('ORY_HYDRA_ADMIN')));

$key = $hydraClientAdmin->get('/admin/keys/jwt-token-pqp');
$tokenJwk = json_decode($key->getBody()->getContents(), true);

$decodedJWKS = json_decode($jwks, true);

//$jwkConverter = new JWKConverter();
$decodedJWKS['keys'][] = $tokenJwk['keys'][0];

$decodedAccessToken = JWT::decode(
    $accessToken,
    JWK::parseKeySet($decodedJWKS)
);
c
does it look like a normal JWKS public key data, or does it include all the private key info?
b
I’m using Laravel
c
Looks like you're getting the hydra keys from the admin endpoints, not the kratos keys?
b
I’m on Ory Network, the managed service
c
I think line 3 should read json_decode($jwks->getBody()->getContents() rather than starting with $key. See you're trying to use the hydra private keys rather than the public keys from the jwks well-known url.
b
I don’t get it, but I’ll investigate deeply. Thanks a lot for your time.