refactor: populate publicKey with a JWK when one is downloaded

Author: panva

src/editor/public-key-download.js

@@ -1,5 +1,4 @@
 import { createRemoteJWKSet } from 'jose/jwks/remote'
-import { EmbeddedJWK } from 'jose/jwk/embedded'
 import * as keyExport from 'jose/key/export'
 
 import { httpGet } from '../utils.js';
@@ -26,7 +25,7 @@ function getKeyFromX5Claims(claims) {
 }
 
 function getKeyFromJwkKeySetUrl(header, url) {
-  return createRemoteJWKSet(new URL(url))(header, {}).then((key) => keyExport.exportSPKI(key))
+  return createRemoteJWKSet(new URL(url))(header, {}).then(keyExport.exportJWK).then((jwk) => JSON.stringify(jwk, null, 2))
 }
 
 export function downloadPublicKeyIfPossible(decodedToken) {
@@ -44,7 +43,7 @@ export function downloadPublicKeyIfPossible(decodedToken) {
     } else if(header.jku) {
       getKeyFromJwkKeySetUrl(header, header.jku).then(resolve, reject);
     } else if(header.jwk) {
-      EmbeddedJWK(header, {}).then((key) => keyExport.exportSPKI(key)).then(resolve, reject);
+      resolve(JSON.stringify(header.jwk, null, 2))
     } else if(payload.iss) {
       const url = payload.iss + (payload.iss.substr(-1) === '/' ? '.well-known/openid-configuration' : '/.well-known/openid-configuration')
 

test/functional/editor.js

@@ -578,7 +578,7 @@ describe('Editor', function() {
         const publicKey = await this.page.$eval('textarea[name="public-key"]',
           publicKeyElement => publicKeyElement.value);
 
-        expect(publicKey).to.include(defaultTokens.rs256.publicKey);
+        expect(jwks.keys[0]).to.contain(JSON.parse(publicKey))
       });
 
       it('jku', async function() {
@@ -604,7 +604,7 @@ describe('Editor', function() {
         const publicKey = await this.page.$eval('textarea[name="public-key"]',
           publicKeyElement => publicKeyElement.value);
 
-        expect(publicKey).to.include(defaultTokens.rs256.publicKey);
+        expect(jwks.keys[0]).to.contain(JSON.parse(publicKey))
       });
 
       it('x5c', async function() {

test/unit/editor/public-key-download.js

@@ -48,7 +48,7 @@ describe('Public key downloader', function() {
     }]
   };
 
-  const keyAsPEM = `-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GPz+Er5h7PCk4v3pSln\naLYNYrp4sVc6Tx7FVz9d8m4zIS2qzcTM/6dRbMgZ4hBdD35NpYzU4z+d8lN27+J/\njOzHnCiMdkY+w52dCofAkICh6ftkFlG9bFQyH8Jz5UtpVkZyy1dxCRz/sbRAzUdj\nUYsGvrKXg+3UYCL5SBCnt0ycrvr3iKX9k8IlMrFRB8lBJ6eQVzkzGsuivPaThXjV\nZ/OpY7W+XsDjut7cFgPKIc843tW4CNaDJ6j3afm+RFOok//xLQH5uA7HXS/yqfEc\nhvzXfYfMxJY2d+Eqw4xTurm3TT07RnwJuN9slDJUrTH9EKkJkjZ7dn7fZtGjGTpa\nDQIDAQAB\n-----END PUBLIC KEY-----\n`;
+  const keyAsJWK = JSON.stringify({ kty: jwks.keys[0].kty, n: jwks.keys[0].n, e: jwks.keys[0].e }, null, 2)
 
   it('Finds keys in iss + .well-known URL', function(done) {
     const decodedToken = _.defaultsDeep({}, decodedBaseToken, {
@@ -74,7 +74,7 @@ describe('Public key downloader', function() {
     }).downloadPublicKeyIfPossible;
 
     downloadPublicKeyIfPossible(decodedToken)
-      .should.eventually.include(keyAsPEM)
+      .should.eventually.include(keyAsJWK)
       .then(() => {
         httpGetStub.should.have.been
                    .calledWith(baseUrl + '.well-known/openid-configuration');
@@ -97,7 +97,7 @@ describe('Public key downloader', function() {
     }).downloadPublicKeyIfPossible;
 
     downloadPublicKeyIfPossible(decodedToken)
-      .should.eventually.include(keyAsPEM)
+      .should.eventually.include(JSON.stringify(jwks.keys[0], null, 2))
       .then(() => {
         httpGetStub.should.have.callCount(0);
       }).should.notify(done);
@@ -123,7 +123,7 @@ describe('Public key downloader', function() {
     }).downloadPublicKeyIfPossible;
 
     downloadPublicKeyIfPossible(decodedToken)
-      .should.eventually.include(keyAsPEM)
+      .should.eventually.include(keyAsJWK)
       .then(() => {
         httpGetStub.should.have.callCount(0);
       })