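EMQX 5.0: login fails when using JWKS authentication

Environment

  • EMQX version: 5.0.24
  • Operating system version: CentOS 7

Steps to reproduce the issue

  1. I wrote an endpoint in Java that returns the JWKS, in the same format as the JSON returned in the image
  2. I generated a JWT from the above JWKS; the code is shown below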
    @GetMapping("/jwt")
    public R getJwksJwt() throws JOSEException, IOException, ParseException {
        // JWKS endpoint URL or JWKS JSON
        URL jwksURL = new URL("http://127.0.0.1:8000");

        // Parse the JWKS
        JWKSet jwkSet = JWKSet.load(jwksURL);

        // Select a JWK from the JWKS
        RSAKey rsaKey = (RSAKey)jwkSet.getKeyByKeyId("my-key-id");

        // Load the RSA private key from the Redis cache (it is not read from the JWK)
        RSAPrivateKey privateKey = redisService.getCacheObject("rsaPrivateKey");

        // Create a JWT signer with the private key
        JWSSigner signer = new RSASSASigner(privateKey);

        // Create a JWT header
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256)
                .keyID(rsaKey.getKeyID())
                .build();

        // Create a JWT payload
        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
                .build();

        // Create a signed JWT
        SignedJWT signedJWT = new SignedJWT(header, claimsSet);

        // Sign the JWT
        signedJWT.sign(signer);

        // Serialize the JWT to its final string representation
        String jwtString = signedJWT.serialize();
        return R.ok().setCode(200).data("jwt",jwtString);
    }
  3. It reports that login is not possible

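Expected behavior

Login authentication should work with the JWKS I configured

Actual behavior

Authentication fails

The JWKS format you return to EMQX is not supported; it has to be JSON.
The format looks roughly like this (sorry, the documentation will be improved later):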

{
        "keys": [
            {
                "kty": "oct",
                "alg": "HS256",
                "use": "sig",
                "kid": "1",
                "k": "YzU4YjUxNjUxOGE2M2RhZjg5MzE1N2JmODM2YzVmYjNhZmVkZTYzZTU1ODk3MmI0YzllYTJjYTc3Y2Q2Y2E3Mg"
            },
            {
                "kty": "oct",
                "alg": "HS256",
                "use": "sig",
                "kid": "2",
                "k": "YjI2YzY2Y2VkOWQzMTIxZDI2NjUzOTVhNjE4ODA4Yjk4NzY4MjYxMjE5N2I5Y2Q5YmZjY2Q3MTlhYjY3YzY3OQ"
            }
        ]
    }

I don't know Java, so I asked GPT; it said you can convert it like this, give it a try:
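
Added example, not part of the thread and not the conversion code the reply refers to: a standard-library Python check that a JWKS response body has the JSON shape shown in the reply (an object with a "keys" array) and that an HS256 token whose header carries a `kid` verifies against the matching `oct` key. The function names and sample secrets are constructed for illustration; this is not EMQX's implementation.

```python
import base64, hashlib, hmac, json

def b64url_decode(s: str) -> bytes:
    # JWK/JWS values are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def load_jwks(body: str) -> dict:
    """Parse a JWKS endpoint response body and index its keys by kid."""
    doc = json.loads(body)  # ValueError if the endpoint did not return JSON
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise ValueError('JWKS must be a JSON object with a non-empty "keys" array')
    return {k["kid"]: k for k in keys if isinstance(k, dict) and "kid" in k}

def sign_hs256(claims: dict, jwk: dict) -> str:
    """Issue a test token whose header names the signing key's kid."""
    header = {"alg": "HS256", "typ": "JWT", "kid": jwk["kid"]}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(b64url_decode(jwk["k"]), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url_encode(mac.digest())

def verify_hs256(token: str, jwks: dict) -> dict:
    """Return the claims if the token verifies against the JWKS, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        kid, alg = header.get("kid"), header.get("alg")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    jwk = jwks.get(kid) if isinstance(kid, str) else None
    if jwk is None:
        raise ValueError("no key with the token's kid in the JWKS")
    # Pin the algorithm to the key's type instead of trusting the header alone.
    if alg != "HS256" or jwk.get("kty") != "oct" or jwk.get("alg", "HS256") != "HS256":
        raise ValueError("algorithm does not match key")
    mac = hmac.new(b64url_decode(jwk["k"]), f"{h64}.{p64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), b64url_decode(s64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))

# Constructed sample in the shape shown in the reply (secrets are made up).
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "oct", "alg": "HS256", "use": "sig", "kid": k, "k": b64url_encode(s)}
    for k, s in (("1", b"constructed-secret-one"), ("2", b"constructed-secret-two"))]})
```

Running `load_jwks` on the body your own endpoint returns shows quickly whether it is a JSON key set at all; a PEM string or a bare array is rejected before any token is checked.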