Hi, I'm opening this issue just to try to understand what seems to be a limitation in luaossl. If it is indeed the case, I'm willing to contribute code.

I'm trying to solve the exact same problem in Lua as the author of this post is trying in C#:
https://stackoverflow.com/questions/34403823/verifying-jwt-signed-with-the-rs256-algorithm-using-public-key-in-c-sharp
Basically, I get a public key in the form of modulus and public exponent from some OAuth API instead of the standard PEM string, and the luaossl doesn't seem to provide a way to do this, if I'm not mistaken. The pkey_new function seems to accept only a single exponent along with a bit length:

With a simple python script I've managed to export a PEM key that I can use with luaossl for JWT signature verification, but I would prefer a pure lua solution.

To illustrate, here is the core of the python script.

from Crypto.PublicKey import RSA

def b64_decode(b64):
    if type(b64) == unicode:
        b64 = b64.encode('ascii', 'ignore')
    return base64.urlsafe_b64decode(b64 + '='*(len(b64) % 4))

modulus = long(binascii.hexlify(b64_decode(key["n"].encode('ascii', 'ignore'))),16)
exponent = long(binascii.hexlify(b64_decode(key["e"].encode('ascii', 'ignore'))),16)
public_key = RSA.construct((modulus, exponent))
print(public_key.exportKey('PEM'))

At the moment I think you have to create a dummy key and then use :setParameters to replace it with the ones you want.
This is a reasonable feature/enhancement request.