add encryption key to jwks.json

einhornimmond 2025-07-20 09:52:55 +02:00
parent 80903243df
commit 7e6242a8f7


@ -27,8 +27,10 @@ export const jwks = async (req: any, res: any): Promise<void> => {
throw new Error(defaultErrorForCaller)
}
try {
const publicKey = await importSPKI(homeCommunity.publicJwtKey, 'RS256')
const jwk = await exportJWK(publicKey)
const rs256Key = await importSPKI(homeCommunity.publicJwtKey, 'RS256')
const rsaKey = await importSPKI(homeCommunity.publicJwtKey, 'RSA-OAEP-256')
const jwkRs256 = await exportJWK(rs256Key)
const jwkRsa = await exportJWK(rsaKey)
// Optional: calculate Key ID (z.B. SHA-256 Fingerprint)
const kid = createHash('sha256')
@ -38,11 +40,17 @@ export const jwks = async (req: any, res: any): Promise<void> => {
const jwks = {
keys: [
{
...jwk,
...jwkRs256,
alg: 'RS256',
use: 'sig',
kid,
},
{
...jwkRsa,
alg: 'RSA-OAEP-256',
use: 'sig',
kid,
},
],
}
res.setHeader('Cache-Control', 'public, max-age=3600, immutable')
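Review bot: The new RSA-OAEP-256 entry in the `keys` array is published with `use: 'sig'`, which contradicts both its algorithm and the commit title; RFC 7517 defines `enc` for encryption keys, so that entry should read `use: 'enc',`. Consumers that filter the JWKS by `use` will never pick this key for encryption, and lenient ones may treat it as a second signature key. Both entries also carry the same `kid` and are built from the same `homeCommunity.publicJwtKey`, so a client selecting by `kid` cannot tell them apart, and one RSA key pair ends up serving both signing and decryption. Consider a distinct `kid` per entry (for example derived from the key plus its `use`) and, if possible, a separate key pair for encryption. The `kid` computation is only partly visible between the two hunks, so the last point should be checked against the full function.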