I want to expose public keys on a URL, I think something like this:
return keySet.toJson(OutputControlLevel.PUBLIC_ONLY);
but when I try to consume from the URL:
HttpsJwks keyUrl = new HttpsJwks("https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key");
List<JsonWebKey> keySet = keyUrl.getJsonWebKeys();
I get this exception:
java.lang.ClassCastException: java.lang.String cannot be cast to org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap
What am I missing here?
从https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key返回的内容如下所示,所有引号都已转义(似乎有一轮 JSON 转义或应用到它的处理):
"{\"keys\":[{\"kty\":\"RSA\",\"n\":\"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ\",\"e\":\"AQAB\"}]}"
jose4j 中的小 JSON 解析器将整个内容解析为单个字符串。错误消息可能要好得多,但基本上它期望一个 JSON 对象将被解析为 Map,并且在将解析的对象转换为 Map 时失败。
而直接来自的输出keySet.toJson(OutputControlLevel.PUBLIC_ONLY)将是这样的:
{"keys":[{"kty":"RSA","n":"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ","e":"AQAB"}]}
jose4j 可以解析/处理它。
我认为您需要查看 authBeta/z/key 端点上发生的情况,并找到并停止进行额外的转义。