What exactly does the response from https://www.googleapis.com/oauth2/v3/certs mean? I am trying to verify a JWT I got via the Google OpenID Connect process using node-jsonwebtokens and the key used to verify the signature must be one of those two. The source code however suggests that node-jsonwebtokens awaits a different key format than available in the response:
[
{
'kty': 'RSA',
'alg': 'RS256',
'use': 'sig',
'kid': 'e53139984bd36d2c230552441608cc0b5179487a',
'n': 'w5F_3au2fyRLapW4K1g0zT6hjF-co8hjHJWniH3aBOKP45xuSRYXnPrpBHkXM6jFkVHs2pCFAOg6o0tl65iRCcf3hOAI6VOIXjMCJqxNap0-j_lJ6Bc6TBKgX3XD96iEI92iaxn_UIVZ_SpPrbPVyRmH0P7B6oDkwFpApviJRtQzv1F6uyh9W_sNnEZrCZDcs5lL5Xa_44-EkhVNz8yGZmAz9d04htNU7xElmXKs8fRdospyv380WeaWFoNJpc-3ojgRus26jvPy8Oc-d4M5yqs9mI72-1G0zbGVFI_PfxZRL8YdFAIZLg44zGzL2M7pFmagJ7Aj46LUb3p_n9V1NQ',
'e': 'AQAB'
},
{
'kty': 'RSA',
'alg': 'RS256',
'use': 'sig',
'kid': 'bc8a31927af20860418f6b2231bbfd7ebcc04665',
'n': 'ucGr4fFCJYGVUwHYWAtBNclebyhMjALOTUmmAXdMrCIOgT8TxBEn5oXCrszWX7RoC37nFqc1GlMorfII19qMwHdC_iskju3Rh-AuHr29zkDpYIuh4lRW0xJ0Xyo2Iw4PlV9qgqPJLfkmE5V-sr5RxZNe0T1jyYaOGIJ5nF3WbDkgYW4GNHXhv-5tOwWLThJRtH_n6wtYqsBwqAdVX-EVbkyZvYeOzbiNiop7bDM5Td6ER1oCBC4NZjvjdmnOh8-_x6vB449jL5IRAOIIv8NW9dLtQd2DescZOw46HZjWO-zwyhjQeYY87R93yM9yivJdfrjQxydgEs8Ckh03NDATmQ',
'e': 'AQAB'
}
]
It doesn't have the classical BEGIN PUBLIC KEY block, is it maybe encoded? Is there an additional step needed?
That code indeed deals with PEM-formatted certificates/keys instead of the JSON Web Key (JWK) formatted key material that is published by Google on the URL that you gave.
There is however a different URL that serves the (same) key material in PEM format here: https://www.googleapis.com/oauth2/v1/certs. You can use that representation in node-jsonwebtoken.