
I will start with the back story. I am trying to implement/integrate https://jaas.8x8.vc into an application. Two years ago, when I followed their tutorial, it worked. We have launched a new server, and when I tried to move the code from the old working server to the new one, the service no longer worked. I read all of the documentation on the 8x8 project site and there are changes from the previous implementation. I get the code snippet working on the new server. The next step involves JWT. That is the part that changed from two years ago.

Now, I will skip the next three weeks of pounding my head on the desk to where I am now. The quest became to just be able to produce a signed JWT.

I created a clean install of this package independent of my application. I used Composer to bring in the dependencies. I copied and pasted the code from this section of the documentation: https://web-token.spomky-labs.com/the-components/signed-tokens-jws/jws-creation

Here is my code. I am trying to create a signed JWT.

```php
<?php
// Composer autoloader; the path assumes vendor/ sits next to this script.
require __DIR__ . '/vendor/autoload.php';

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\RS256;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;

// Only RS256 is allowed for signing.
$algorithmManager = new AlgorithmManager([
    new RS256(),
]);

// Key file on disk; $contents is read here but not used below.
$keyFile = dirname(__FILE__, 6) . "/sites/RsaPrivateKey.pk";
$contents = file_get_contents($keyFile);

// Load the key file as a JWK.
$key = JWKFactory::createFromKeyFile(
    $keyFile,               // The filename
    null,                   // Secret if the key is encrypted, otherwise null
    [
        'use' => 'sig',     // Additional parameters
    ]
);

echo "done";
$jwsBuilder = new JWSBuilder($algorithmManager);

// The payload we want to sign. The payload MUST be a string, hence the JSON encoding.
$payload = json_encode([
    'exp' => time() + 3600,
    'iss' => 'My service',
    'aud' => 'jitsi',
]);

$jws = $jwsBuilder
    ->create()                               // We want to create a new JWS
    ->withPayload($payload)                  // We set the payload
    ->addSignature($key, ['alg' => 'RS256']) // We add a signature with a simple protected header
    ->build();                               // We build it

$serializer = new CompactSerializer(); // The serializer

$token = $serializer->serialize($jws, 0); // We serialize the signature at index 0 (we only have one signature).
```
user1794918
  • In my answer [there](https://stackoverflow.com/questions/67821481/can-anyone-explain-what-keys-are-in-dict-of-jwk-when-generating-key) I tell you about the JWK parameters that are relevant for RS256. In short: `n` and `e` are modulus and exponent of the public key. But it's not clear to me what you want to do. Sign a token? Then you need the private key (you seem to want to create a private key in the code). Or verify a token? Then you need a public key with `n` and `e`. And 'use' => 'enc' is also wrong, should be 'use' => 'sig', instead, because it's not about signing, not encryption. – jps Mar 25 '23 at 14:17
  • `k` is only relevant for symmetric algorithms like `HSxxx`. `crv`, `x` and `y` are parameters for elliptic curve algorithms, e.g. `ESxxx`. – jps Mar 25 '23 at 14:22
  • To use the 8x8 system I have to create a JWT that includes the public key. The 'use' => 'enc' is in the documentation. I didn't make that up. I changed it to sig and now the error message is that the key is not private. It is not supposed to be a private key. It is supposed to be a public key. – user1794918 Mar 25 '23 at 20:40
  • @user1794918 The specification of the field `n` is defined in RFC 7518, section 6.3, see https://www.rfc-editor.org/rfc/rfc7518#section-6.3 – Progman Mar 25 '23 at 23:19
  • @user1794918 Did you find any solution? I am getting the same error, but in my UAT environment; the same code is working in the live environment, though. – Rohannn Singh Apr 26 '23 at 06:40
  • There are two solutions. Change your Ubuntu kernel to the one that includes the brick math. I chose to go the FHIR connection route, after I burned my server trying to change the kernel. – user1794918 May 31 '23 at 22:58
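
The split the comments above describe (the private key signs, the public `n` and `e` verify), as an added example that is not part of the original post or of the web-token project. It assumes PHP's openssl extension in place of the web-token classes, generates a throwaway key pair in memory, and uses constructed claim values; `b64url`, `b64url_decode`, `sign_rs256` and `verify_rs256` are hypothetical helper names.

```php
<?php
// Added example: RS256 compact JWS with ext-openssl only; key and claims are constructed samples.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string
{
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'));
}

// Signing needs the private key; RS256 is RSASSA-PKCS1-v1_5 with SHA-256.
function sign_rs256(array $claims, $privateKey): string
{
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $sig, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('openssl_sign failed');
    }
    return $input . '.' . b64url($sig);
}

// Verification needs only the public key, and pins the algorithm to RS256.
function verify_rs256(string $token, string $publicPem): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    $header = json_decode(b64url_decode($parts[0]), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') {
        return false;
    }
    $sig = b64url_decode($parts[2]);
    return openssl_verify($parts[0] . '.' . $parts[1], $sig, $publicPem, OPENSSL_ALGO_SHA256) === 1;
}

$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$details = openssl_pkey_get_details($pair); // 'key' = public PEM, 'rsa' = raw components
// Public JWK as described in RFC 7518 section 6.3: modulus n and exponent e only.
$publicJwk = ['kty' => 'RSA', 'use' => 'sig', 'n' => b64url($details['rsa']['n']), 'e' => b64url($details['rsa']['e'])];

$token = sign_rs256(['iss' => 'My service', 'aud' => 'jitsi', 'exp' => time() + 3600], $pair);
$p = explode('.', $token); // swap the payload but keep the original signature
$altered = $p[0] . '.' . b64url(json_encode(['iss' => 'someone else'])) . '.' . $p[2];
echo json_encode($publicJwk, JSON_PRETTY_PRINT), PHP_EOL, $token, PHP_EOL;
echo 'valid token verifies: ', var_export(verify_rs256($token, $details['key']), true), PHP_EOL;
echo 'altered token verifies: ', var_export(verify_rs256($altered, $details['key']), true), PHP_EOL;
```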

0 Answers