IdentityShroud/IdentityShroud.Core/DTO/JsonWebKey.cs

using System.Text.Json.Serialization;
using IdentityShroud.Core.Helpers;

namespace IdentityShroud.Core.Messages;

// https://www.rfc-editor.org/rfc/rfc7517.html


public class JsonWebKey
{
    [JsonPropertyName("kty")]
    public string KeyType { get; set; } = "RSA";
    
    // Common values sig(nature) enc(ryption)
    [JsonPropertyName("use")]
    public string? Use { get; set; } = "sig"; // "sig" for signature, "enc" for encryption
    
    // Per standard this field is optional, commented out for now as it seems not 
    // have any good use in an identity server. Anyone validating tokens should use
    // the algorithm specified in the header of the token.
    // [JsonPropertyName("alg")]
    // public string? Algorithm { get; set; } = "RS256";
    
    [JsonPropertyName("kid")]
    public required string KeyId { get; set; }
    
    // RSA Public Key Components
    [JsonPropertyName("n")]
    public string? Modulus { get; set; }
    
    [JsonPropertyName("e")]
    public string? Exponent { get; set; }
    
    // ECdsa
    public string? Curve { get; set; }
    [JsonConverter(typeof(Base64UrlConverter))]
    public byte[]? X { get; set; }
    [JsonConverter(typeof(Base64UrlConverter))]
    public byte[]? Y { get; set; }
    
    // Optional fields
    // [JsonPropertyName("x5c")]
    // [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    // public List<string>? X509CertificateChain { get; set; }
    //
    // [JsonPropertyName("x5t")]
    // [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    // public string? X509CertificateThumbprint { get; set; }    
}
Miscelanious trials 2026-02-06 19:58:01 +01:00			`using System.Text.Json.Serialization;`
5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`using IdentityShroud.Core.Helpers;`
Miscelanious trials 2026-02-06 19:58:01 +01:00
			`namespace IdentityShroud.Core.Messages;`

Fixes some warnings. 2026-02-14 14:54:48 +01:00			`// https://www.rfc-editor.org/rfc/rfc7517.html`


Miscelanious trials 2026-02-06 19:58:01 +01:00			`public class JsonWebKey`
			`{`
			`[JsonPropertyName("kty")]`
			`public string KeyType { get; set; } = "RSA";`

Fixes some warnings. 2026-02-14 14:54:48 +01:00			`// Common values sig(nature) enc(ryption)`
Miscelanious trials 2026-02-06 19:58:01 +01:00			`[JsonPropertyName("use")]`
Fixes some warnings. 2026-02-14 14:54:48 +01:00			`public string? Use { get; set; } = "sig"; // "sig" for signature, "enc" for encryption`
Miscelanious trials 2026-02-06 19:58:01 +01:00
Implement jwks endpoint and add test for it. This also let to some improvements/cleanups of the other tests and fixtures. 2026-02-15 19:06:09 +01:00			`// Per standard this field is optional, commented out for now as it seems not`
			`// have any good use in an identity server. Anyone validating tokens should use`
			`// the algorithm specified in the header of the token.`
			`// [JsonPropertyName("alg")]`
			`// public string? Algorithm { get; set; } = "RS256";`
Miscelanious trials 2026-02-06 19:58:01 +01:00
			`[JsonPropertyName("kid")]`
Fixes some warnings. 2026-02-14 14:54:48 +01:00			`public required string KeyId { get; set; }`
Miscelanious trials 2026-02-06 19:58:01 +01:00
			`// RSA Public Key Components`
			`[JsonPropertyName("n")]`
5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`public string? Modulus { get; set; }`
Miscelanious trials 2026-02-06 19:58:01 +01:00
			`[JsonPropertyName("e")]`
5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`public string? Exponent { get; set; }`
Miscelanious trials 2026-02-06 19:58:01 +01:00
5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`// ECdsa`
			`public string? Curve { get; set; }`
			`[JsonConverter(typeof(Base64UrlConverter))]`
			`public byte[]? X { get; set; }`
			`[JsonConverter(typeof(Base64UrlConverter))]`
			`public byte[]? Y { get; set; }`
Miscelanious trials 2026-02-06 19:58:01 +01:00
5-improve-encrypted-storage (#6) Added the use of DEK's for encryption of secrets. Both the KEK's and DEK's are stored in a way that you can have multiple key of which one is active. But the others are still available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: https://code.eelkeklein.nl/eelke/IdentityShroud/pulls/6 2026-02-27 17:57:42 +00:00			`// Optional fields`
			`// [JsonPropertyName("x5c")]`
			`// [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]`
			`// public List<string>? X509CertificateChain { get; set; }`
			`//`
			`// [JsonPropertyName("x5t")]`
			`// [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]`
			`// public string? X509CertificateThumbprint { get; set; }`
Miscelanious trials 2026-02-06 19:58:01 +01:00			`}`