我正在尝试通过openid connect了解身份验证
我收到了授权码,服务器可以将其交换为访问令牌和标识令牌。
我收到了带有RSA私钥的文件:
"keys": [
{
"kty": "RSA",
"d": "FVSxlyJTtDw .....",
"dp": "dzTM-0C3 ....",
"dq": "XxhRvZewnnvY22....",
"e": "AQAB",
"use": "sig",
"kid": "s1",
"alg": "RS256",
"n": "pJADu0nyhCrh9XIR....",
"p": "0ktANeYxLEB1uEDkSQ....",
"q": "yFRFPKiUCelQ2c-vf,"
"qi": "FhvccbxuaCXAO7iYq2H.....",
},
{
"kty": "RSA",
"d": "J7jk1r3-83KZ7zPrrG659kTVwbsYNJxB.....",
"dp": "ALaPzpUH_1JpN6QmHKaAmruaRXYD_EJ6ZUcbNh".....",
"dq": "bIfqm7lKkuEeTxuOHHt4Iv2ifn.....",
"e": "AQAB.....",
"use": "enc",
"kid": "e1",
"alg": "RSA-OAEP",
"n": "jpEyL3uCZ1Grkg4sFTtAup0TxpZRiNb.....",
"p": "908JDuuB980K6cIf9CHkxVET1.....",
"q": "k5PU03Dl8qUpxArtTxT.....",
"qi": "AIbn9n3zD5VaWfyxxcneY510KSkm.....",
}
]
第一个问题,为什么我有两个钥匙?
然后,如何提取私钥?
如果我阅读文档:
“ RSA”的字段“ kty”值将其标识为RSA密钥。的 字段“ n”和“ e”的值是base64url编码的模数, (公共)指数(分别)使用最小八位位组数 必要。字段“ d”的值是base64url编码的私有 指数使用必需的最小八位位组数。田野 “ p”,“ q”,“ dp”,“ dq”和“ qi”是base64url编码的附加字符 使用最少的八位位组数目的私人信息。
对于2048位密钥,字段“ n”在以下情况下的长度为256个八位位组 解码,并且字段“ d”的长度不超过256个八位字节 解码时。
据我所知,私有密钥是字段:d
_keyPrivate = "FVSxlyJTtDw ....."; //field d:
var client = new RestClient("https://test/oidc/token");
var request = new RestRequest(Method.POST);
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.RequestFormat = DataFormat.Json;
request.AddParameter("grant_type", "authorization_code");
request.AddParameter("code", _code);
request.AddParameter("redirect_uri", "https://localhost:44302/");
request.AddParameter("client_assertion", (headerEncoded + "." + payloadEncoded + "." + _keyPrivate ));
request.AddParameter("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
IRestResponse response = client.Execute(request);
但是我收到一个错误消息:
{“错误”:“ unauthorized_client”,“详细信息”:“签名断言无效”,“ uid”:“ 511334434”}
你能帮我吗?
我已经尝试了不同的方法,但是没有成功?
是否无法将.json文件加载到对象中并提取私钥?
预先感谢