I’m sorry if this was posted before, I could not find it using the search function.
My issue is I am trying to create a JWK using ES256. To the best of my knowledge I have base-64-url-safe-encoded the header and payload, with the appropriate base-64-url-safe-encoded curve points of x and y. I have also created the signature using concatenation of r and s from ECDSA signing and base-64-url-safe-encoded them as well. I then concatenate then all together in the appropriate xxx.yyyy.zzz format.
However, when I try to validate the JWT on jwt.io, it gives me An array of 3 errors, an SPKI error, ad x.509 error, and an “unexpected end of JSON” JSON parse error. The inputs appear to be correct for the header and payload, and I have validated the output as properly formatted JSON on separate websites, so I am at a dead-end on the source of the issue.
If anyone has any advice I would appreciate it, and if code is necessary I can supply some early tomorrow.
The issue you’re encountering with JWT validation on likely stems from the way you’re constructing the JWK (JSON Web Key). Here’s a breakdown of potential problems and solutions:
SPKI and x.509 Errors:
JWK for ES256 uses Elliptic Curve Cryptography (ECC), not RSA. SPKI and x.509 are related to RSA keys, so might be confused if you’re including them in your JWK.
Solution: Remove any SPKI or x.509 related information from your JWK.
2. Unexpected End of JSON Error:
This could occur due to:
Incorrect Concatenation: Ensure proper concatenation with dots (“.”) separating the three base64url encoded parts (header, payload, signature) in the “xxx.yyy.zzz” format. Double-check for missing dots or extra characters.
Encoding Issues: Minor encoding errors during base64url encoding might lead to parsing issues. Verify your base64url encoding libraries or functions.
Here’s what to check further:
JWK format: Ensure your JWK adheres to the correct format for an ECC key with the following properties:
kty: “EC” (Elliptic Curve Key Type)
crv: The specific curve used (e.g., “P-256”)
x: Base64url encoded x coordinate of the public key.
y: Base64url encoded y coordinate of the public key.
Encoding libraries: Make sure the libraries you’re using for base64url encoding are reliable and producing valid output.
Additional Tips:
While you mentioned validating the JSON output on separate websites, consider using a dedicated JWK validator tool to confirm the format is correct for an ECC key.
If you can share some code snippets related to JWK creation (particularly the concatenation and encoding parts) tomorrow, it might help pinpoint the exact issue.
By addressing these points, you should be able to resolve the JWT validation errors on.