IdentityShroud/IdentityShroud.Core/DTO/JsonWebKey.cs

using System.Text.Json.Serialization;
using IdentityShroud.Core.Helpers;

namespace IdentityShroud.Core.Messages;

// https://www.rfc-editor.org/rfc/rfc7517.html


public class JsonWebKey
{
    [JsonPropertyName("kty")]
    public string KeyType { get; set; } = "RSA";
    
    // Common values sig(nature) enc(ryption)
    [JsonPropertyName("use")]
    public string? Use { get; set; } = "sig"; // "sig" for signature, "enc" for encryption
    
    // Per standard this field is optional, commented out for now as it seems not 
    // have any good use in an identity server. Anyone validating tokens should use
    // the algorithm specified in the header of the token.
    // [JsonPropertyName("alg")]
    // public string? Algorithm { get; set; } = "RS256";
    
    [JsonPropertyName("kid")]
    public required string KeyId { get; set; }
    
    // RSA Public Key Components
    [JsonPropertyName("n")]
    public string? Modulus { get; set; }
    
    [JsonPropertyName("e")]
    public string? Exponent { get; set; }
    
    // ECdsa
    public string? Curve { get; set; }
    [JsonConverter(typeof(Base64UrlConverter))]
    public byte[]? X { get; set; }
    [JsonConverter(typeof(Base64UrlConverter))]
    public byte[]? Y { get; set; }
    
    // Optional fields
    // [JsonPropertyName("x5c")]
    // [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    // public List<string>? X509CertificateChain { get; set; }
    //
    // [JsonPropertyName("x5t")]
    // [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
    // public string? X509CertificateThumbprint { get; set; }    
}