我想在网址上公开 public 键,我想是这样的:
return keySet.toJson(OutputControlLevel.PUBLIC_ONLY);
但是当我尝试从网址中消费时:
HttpsJwks keyUrl = new HttpsJwks("https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key");
List<JsonWebKey> keySet = keyUrl.getJsonWebKeys();
我得到了这个例外:
java.lang.ClassCastException: java.lang.String cannot be cast to org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap
我在这里缺少什么线索?
答案 0 :(得分:0)
从https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key返回的内容如下所示,所有引号都已转义(似乎已经应用了一轮JSON转义或处理):
"{\"keys\":[{\"kty\":\"RSA\",\"n\":\"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ\",\"e\":\"AQAB\"}]}"
jose4j中的小JSON解析器将整个事物解析为单个字符串。错误消息可能会好得多,但基本上它期望一个JSON对象被解析成Map并且在将解析的对象转换为Map时失败。
而直接来自keySet.toJson(OutputControlLevel.PUBLIC_ONLY)的输出将是这样的:
{"keys":[{"kty":"RSA","n":"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ","e":"AQAB"}]}
jose4j可以解析/处理它。
我认为您需要查看authBeta / z / key端点上发生的事情并找到并停止进行额外的转义。