Merge pull request #84 from randName/try-all-keys
try all keys for NDI
Gyunikuchan authored Apr 17, 2024
2 parents b4433e0 + bab64ec commit 02fc84c
Showing 4 changed files with 45 additions and 12 deletions.
4 changes: 2 additions & 2 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@govtechsg/singpass-myinfo-oidc-helper",
"version": "8.3.8",
"version": "8.3.9",
"description": "Helper for building a Relying Party to integrate with Singpass OIDC and MyInfo person basic API",
"main": "dist/index.js",
"types": "dist/index.d.ts",
34 changes: 28 additions & 6 deletions src/corppass/corppass-helper-ndi.ts
Expand Up @@ -165,11 +165,22 @@ export class NdiOidcHelper {
const {
data: { keys },
} = await this.axiosClient.get<{ keys: Object[] }>(finalJwksUri, { headers: this.additionalHeaders });
const jwsVerifyKey = JSON.stringify(keys[0]);

const { access_token } = tokens;
const verifiedJws = await JweUtil.verifyJWS(access_token, jwsVerifyKey, "json");
return JSON.parse(verifiedJws.payload.toString()) as AccessTokenPayload;
let error = null;
for (const key of keys) {
try {
const verified = await JweUtil.verifyJWS(access_token, JSON.stringify(key), "json");
return JSON.parse(verified.payload.toString()) as AccessTokenPayload;
} catch (err) {
error = err;
}
}
if (error) {
throw error;
} else {
throw new SingpassMyInfoError('could not verify with any key');
}
} catch (e) {
logger.error("Failed to get access token payload", e);
throw e;
Expand All @@ -190,15 +201,26 @@ export class NdiOidcHelper {
const {
data: { keys },
} = await this.axiosClient.get<{ keys: Object[] }>(finalJwksUri, { headers: this.additionalHeaders });
const jwsVerifyKey = JSON.stringify(keys[0]);

const { id_token } = tokens;

const finalDecryptionKey = overrideDecryptKey ?? this.jweDecryptKey;
const decryptedJwe = await JweUtil.decryptJWE(id_token, finalDecryptionKey.key, finalDecryptionKey.format);
const jwsPayload = decryptedJwe.payload.toString();
const verifiedJws = await JweUtil.verifyJWS(jwsPayload, jwsVerifyKey, "json");
return JSON.parse(verifiedJws.payload.toString()) as NDIIdTokenPayload;
let error = null;
for (const key of keys) {
try {
const verified = await JweUtil.verifyJWS(jwsPayload, JSON.stringify(key), "json");
return JSON.parse(verified.payload.toString()) as NDIIdTokenPayload;
} catch (err) {
error = err;
}
}
if (error) {
throw error;
} else {
throw new SingpassMyInfoError('could not verify with any key');
}
} catch (e) {
logger.error("Failed to get ID token payload", e);
throw e;
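Review bot: The new loops (`for (const key of keys)` in both hunks) accept the token as soon as any key in the JWKS verifies it, so a `kid` in the JWS header that names no published key, or a different one, is silently ignored, and entries published with `use: "enc"` are tried as signing keys. Prefer the key whose `kid` matches the header and restrict candidates to signing keys, e.g. `const candidates = keys.filter((k) => k.use !== "enc");` ahead of the loop, which also means typing the response as `get<{ keys: { kid?: string; use?: string }[] }>` instead of `Object[]`. Whether `JweUtil.verifyJWS` pins the algorithm to the key type is not visible here; if it does not, trying every key widens the surface for algorithm confusion, so that is worth confirming. Because `error = err` is overwritten on each iteration only the last key's failure is thrown; log or aggregate the earlier ones so a bad first key is not invisible, and declare it as `let error: unknown = null;` to match the `catch (err)` type under strict mode. Both enclosing methods start above their hunks.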
17 changes: 14 additions & 3 deletions src/singpass/singpass-helper-ndi.ts
Expand Up @@ -111,15 +111,26 @@ export class NdiOidcHelper {
const {
data: { keys },
} = await this.axiosClient.get<{ keys: Object[] }>(jwks_uri);
const jwsVerifyKey = JSON.stringify(keys[0]);

const { id_token } = tokens;

const finalDecryptionKey = overrideDecryptKey ?? this.jweDecryptKey;
const decryptedJwe = await JweUtil.decryptJWE(id_token, finalDecryptionKey.key, finalDecryptionKey.format);
const jwsPayload = decryptedJwe.payload.toString();
const verifiedJws = await JweUtil.verifyJWS(jwsPayload, jwsVerifyKey, "json");
return JSON.parse(verifiedJws.payload.toString()) as TokenPayload;
let error = null;
for (const key of keys) {
try {
const verified = await JweUtil.verifyJWS(jwsPayload, JSON.stringify(key), "json");
return JSON.parse(verified.payload.toString()) as TokenPayload;
} catch (err) {
error = err;
}
}
if (error) {
throw error;
} else {
throw new SingpassMyInfoError('could not verify with any key');
}
} catch (e) {
logger.error("Failed to get token payload", e);
throw e;
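Review bot: Iterating over every JWKS entry until one verifies (`for (const key of keys)`) drops the binding between the token's `kid` header and the key that must verify it, so a mismatched or absent `kid` is no longer a signal of anything wrong and encryption-use keys in the set are tried as verifiers. Select by `kid` first and filter to signing keys, e.g. `const candidates = keys.filter((k) => k.use !== "enc");`, with the response typed as `{ keys: { kid?: string; use?: string }[] }` rather than the boxed `Object[]`; fall back to trying all keys only when the header carries no `kid`. The new `throw new SingpassMyInfoError('could not verify with any key')` uses single quotes while the rest of the file uses double quotes, and `error` should be declared `let error: unknown = null;` so the assignment from `catch (err)` is well-typed. The enclosing method starts above the hunk.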
