Apparent confusion of `kty` and `alg`

Question

Apparent confusion of `kty` and `alg`

michielbdejong opened this issue 4 years ago · comments

The following DPoP token is not accepted by https://github.com/solid/identity-token-verifier:

{
  header: {
    alg: 'RS256',
    typ: 'dpop+jwt',
    jwk: {
      kty: 'RSA',
      kid: '3tjG2YeuINJZu1dsESrcDVLsH48wfPPJh_qvBX81Tcs',
      use: 'sig',
      alg: 'RSA',
      e: 'AQAB',
      n: '1JLhXFU_5eUoSXBg2QzuPL1zYgWY--3vEEgduukdODdieQXZOIWj2VKHxaHQzIgqQbZz8erx0DW6hGRbxKpkbVJbloK3zcVkPCooEctLDvTXARlpHihfAAh70IW2qK8jbaublaZ6WJg5pDLafLXwnMB6utg-MrdnFku_81WeDc93jCEs3UQOI80b_WpG1ZWnayy18cNKu-CyJIjwDjBpc7db5KTmkqkQdC-WKsHF4_-BM4nuX7zYQS6p1IUpjIBJDv2HkAaoanfP2xg42C3CBiFKHxBhYSytGgMRNX2Udj2ETDVCD0of2WCaRFqPQMuXtq_CWIFw6VflWDBq64iD_Q'
    }
  },
  payload: {
    htu: 'http://localhost:3000/.acl',
    htm: 'GET',
    jti: '4d7c8dd5-a899-4907-a551-36e1ba76a30b',
    iat: 1613376843,
    exp: 1613380443
  },
  signature: '0SKJZL17j4sjqIR6_4o4ocNUV3xq60gmbZpsVzjaHy0o67FlZ4P3q3yFuIS0-3MOts3RNp5I6YllBfti-b9A4aVUATOKJcNvwQercWw5vvMg3v252XjV8E86Ir3oDVAlqHTEYX89AjeZ73PN9gI0x8D3pP0mr1wcpZcvj7jM4u57XN3GTH4uYATQT1wdAhmz9y_sKSw_7K0zZOC8ItfDtfdr1FROn2UyWdVzLeI_pbKHLv7CyngoKbJPZrwqYQ9sKXSXw4m9IH6-71RPTHhCUxG1EyC6igytCi6QmuSYm1sBWin-tuuCGFFvLRn0A_yWxWwCc5Sq_xeH15bWXerzMA'
}

Note that both header.jwk.kty and header.jwk.alg have the value 'RSA'.
It makes community-server output a validation error which is thrown in https://github.com/solid/identity-token-verifier/blob/0cbb50406717496ecc900d1e3171b2f7ee946a31/src/guards/DPoPJWKGuard.ts#L65
It checks if RSA is in Set { 'RS256', 'RS384', 'RS512' }, which it is not.

And indeed, if you change header.jwk.alg to 'RS256', then community-server correctly logs:

Verified WebID via DPoP-bound access token: https://solid-crud-tests-example-1.solidcommunity.net/profile/card#me

Aaron Coburn · Answer 1 · Tue Feb 16 2021 00:07:28 GMT+0800 (China Standard Time)

The jwk.alg field is incorrect. If present, the value should be one of those listed by IANA: https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms

In this case, the alg field should be RS256

Michiel de Jong · Answer 2 · Tue Feb 16 2021 17:23:47 GMT+0800 (China Standard Time)

Turns out NSS behaviour was fine, and it was solid-auth-fetcher that was setting the wrong value!