I'm working on building an interface with ID.me. I am currently getting back a valid JWT from the ID.me API (it successfully decodes using JWT.IO) but I'm having trouble decoding it in ColdFusion. The CF function VerifySignedJWT has three required parameters and, I believe, I am having trouble with the second parameter signOptions. The CF documentation indicates this parameter should be a struct containing the key, KeyPair, JWK-JSON Web Keyset URL or file or string, Keystore file, keystore password, keystore alias.
I am retrieving the key array from the JWK-JSON Web Keyset URL (ID.me's well known endpoint) but am stuck here. When I attempt to decode using
<cftry>
<cfset payload = VerifySignedJWT(idToken, key, c)>
<cfcatch type="any">
<cfdump var = '#cfcatch#'>
<cfabort>
</cfcatch>
</cftry>
where ‘key’ is the RS256 key struct from the key array returned from the well-known endpoint.
I am getting the exception
struct
Detail | Either the keystore path is invalid or corrupt or the keystore password is wrong. |
Message | Error in loading keystore. |
StackTrace | coldfusion.util.KeystoreUtils$InvalidKeystoreException: Error in loading keystore. at coldfusion.util.KeystoreUtils.getKeyPair(KeystoreUtils.java:93) at coldfusion.jwt.StandardJwtProvider.verifySignedJwt(StandardJwtProvider.java:148) at coldfusion.runtime.CFPage.VerifySignedJWT(CFPage.java:18615) at cfidme2ecfc1636214689$funcDECODEIDTOKEN.runFunction(…… |
I have tried using the well-known endpoint URL, the full struct of keys (httpResult) returned from the well-known endpoint, just the RS256 key struct contained within the httpResult array of keys. I keep getting the same error.
I can decode the token returned from the API at JWT.IO and I can validate the token, using the key returned from the well-known endpoint, at JWT.IO.
What am I missing?
Thanks!
I don't think you are missing anything. My guess is that VerifySignedJWT() in ColdFusion 2025 does not support remote JWKS URLs. So, when you retrieve the key from the JWK-JSON Web Keyset URL
https://api.idmelabs.com/oidc/.well-known/jwks
ColdFusion treats that as a keystore reference, not as a JWKS endpoint. As a result, ColdFusion tries to load it as a Java keystore file. That would explain why you get: "Either the keystore path is invalid or corrupt or the keystore password is wrong".
Looking into the issue some more, my initial thoughts have been confirmed. You get "Error in loading keystore" because the way the keys are exposed in ID.me is different from the way ColdFusion handles them.
ID.me uses OIDC / OAuth2, which means:
Whereas, ColdFusion’s built-in JWT functions (VerifySignedJWT, SignJWT) were designed for:
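The verification the replies contrast with ColdFusion's keystore model is the OIDC one: fetch the issuer's JSON Web Key Set, pick the RSA key whose kid matches the token header, and check the RS256 signature against it. The following is an added example, written in Python rather than CFML and not ColdFusion's or ID.me's code, that carries that flow end to end offline: it constructs a throwaway RSA key pair, publishes it in JWKS form, issues a token, and verifies it with nothing but the key set. The key size (1024 bits), the kid "constructed-key-1", the issuer URL and the claims are constructed values; a real relying party would fetch the JWKS over HTTPS from the issuer's well-known URL, cache it, and also check iss, aud and exp.

```python
import base64, hashlib, hmac, json, math, random, secrets

# DER prefix of a SHA-256 DigestInfo, required by EMSA-PKCS1-v1_5 (RFC 8017).
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, the encoding JWT and JWK use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; fine for a constructed demo key, not a production key generator."""
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_rsa_keypair(bits: int = 1024) -> dict:
    """Constructed key pair; 1024 bits keeps the demo fast (real signing keys are 2048+)."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def _emsa_pkcs1_v15(digest: bytes, k: int) -> bytes:
    """00 01 FF..FF 00 DigestInfo, padded to the modulus length k."""
    t = _SHA256_DIGESTINFO + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for SHA-256 PKCS#1 v1.5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def jwks_from_public(n: int, e: int, kid: str) -> dict:
    """Publish the public key the way an OIDC issuer's jwks endpoint does."""
    n_b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    e_b = e.to_bytes((e.bit_length() + 7) // 8, "big")
    return {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid,
                      "n": b64url_encode(n_b), "e": b64url_encode(e_b)}]}


def sign_rs256(claims: dict, priv: dict, kid: str) -> str:
    """Issuer side: header.payload signed with the private key (RSA on the padded hash)."""
    hdr = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT", "kid": kid}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    k = (priv["n"].bit_length() + 7) // 8
    em = _emsa_pkcs1_v15(hashlib.sha256(f"{hdr}.{body}".encode("ascii")).digest(), k)
    sig = pow(int.from_bytes(em, "big"), priv["d"], priv["n"])
    return f"{hdr}.{body}.{b64url_encode(sig.to_bytes(k, 'big'))}"


def verify_rs256_with_jwks(token: str, jwks: dict) -> dict:
    """Relying-party side: select the key by kid from the key set, then check the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "RS256":  # pin the algorithm; the token must not choose it
        raise ValueError("unexpected alg")
    key = next((k for k in jwks.get("keys", [])
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:  # on a live issuer this usually means the JWKS should be refetched (rotation)
        raise ValueError("no key in JWKS matches kid")
    n = int.from_bytes(b64url_decode(key["n"]), "big")
    e = int.from_bytes(b64url_decode(key["e"]), "big")
    k = (n.bit_length() + 7) // 8
    sig = b64url_decode(s_b64)
    if len(sig) != k:
        raise ValueError("bad signature length")
    recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    expected = _emsa_pkcs1_v15(hashlib.sha256(f"{h_b64}.{p_b64}".encode("ascii")).digest(), k)
    if not hmac.compare_digest(recovered, expected):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(p_b64))


def is_valid(token: str, jwks: dict) -> bool:
    try:
        verify_rs256_with_jwks(token, jwks)
        return True
    except (ValueError, KeyError):  # binascii and JSON decode errors are ValueError subclasses
        return False


def demo():
    """Constructed round trip: generate a key, publish a JWKS, issue a token (values are made up)."""
    priv = generate_rsa_keypair()
    jwks = jwks_from_public(priv["n"], priv["e"], kid="constructed-key-1")
    token = sign_rs256({"sub": "constructed-user", "iss": "https://issuer.example"}, priv, "constructed-key-1")
    return token, jwks


if __name__ == "__main__":
    tok, keys = demo()
    print(verify_rs256_with_jwks(tok, keys))
```

The point of interest for the thread is the shape of the input: the verifier consumes the key set as JSON (n and e in base64url) and selects by kid, which is what a JWKS URL hands back, whereas a Java keystore is a password-protected binary file holding key pairs under aliases. The two are not interchangeable, which is why a function expecting the latter reports a corrupt keystore when given the former.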