read jwks from stdin and write PEM to stdout
OpenID Connect identity providers have a JWT keyset endpoint.
The most widely used JWT validation library in golang wants a PEM public key.
Converting them is a PITA, and I've wasted time figuring out the magic openssl incantations for the last time now.
If you clone this repository outside your GOPATH,
go build -o jwks2pem main.go
should produce a simple executable that takes care of the conversion for you.
It reads a JWKS from standard input and writes every key in the set to stdout in PEM format, so you can do:
curl -s <jwks-url> | ./jwks2pem
Note: if the public keys in your key set aren't RSA keys, you will have to make a rather obvious change to the code. Just replace the &rsa.PublicKey{} with the appropriate type.
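The conversion described above, as an added example that uses only the Go standard library (it is not this repository's code). The names `JWKSToPEM` and `sampleJWKS` are made up here, and the sample modulus is constructed filler, not a real key. Non-RSA keys and malformed exponents are rejected with an error instead of being passed through.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
)

// sampleJWKS is constructed for this example: 2048 bits of filler modulus, not a real key.
var sampleJWKS = `{"keys":[{"kty":"RSA","kid":"demo","e":"AQAB","n":"` + strings.Repeat("wcHB", 85) + `wQ"}]}`

// JWKSToPEM returns one PKIX "PUBLIC KEY" PEM block per key; non-RSA keys are an error.
func JWKSToPEM(doc []byte) ([]byte, error) {
	// encoding/json matches "kty", "n" and "e" to these fields case-insensitively.
	var set struct{ Keys []struct{ Kty, N, E string } }
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, err
	}
	var out []byte
	for i, k := range set.Keys {
		if k.Kty != "RSA" {
			return nil, fmt.Errorf("key %d: unsupported kty %q", i, k.Kty)
		}
		// JWK integers are big-endian, base64url without padding (RFC 7518).
		n, errN := base64.RawURLEncoding.DecodeString(k.N)
		e, errE := base64.RawURLEncoding.DecodeString(k.E)
		exp := new(big.Int).SetBytes(e)
		if errN != nil || errE != nil || len(n) == 0 || exp.BitLen() > 31 || exp.Int64() < 3 {
			return nil, fmt.Errorf("key %d: malformed n or e", i)
		}
		pub := &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(exp.Int64())}
		der, err := x509.MarshalPKIXPublicKey(pub)
		if err != nil {
			return nil, err
		}
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})...)
	}
	return out, nil
}

func main() {
	out, err := JWKSToPEM([]byte(sampleJWKS))
	fmt.Printf("%serror: %v\n", out, err)
}
```

To use it like the tool, read the document from os.Stdin with io.ReadAll and pass the bytes to JWKSToPEM.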
Many thanks to
- the author of lestrrat-go/jwx
- the author of square/go-jose, even though I didn't end up using it, it gave me important pointers
- everyone who participated in this stackoverflow discussion