jose4j

How can I publish and consume keys from a URL?


I want to expose public keys on a URL; I think something like this:

return keySet.toJson(OutputControlLevel.PUBLIC_ONLY);

but when I try to consume from the URL:

HttpsJwks keyUrl = new HttpsJwks("https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key");
List<JsonWebKey> keySet = keyUrl.getJsonWebKeys();

I get this exception:

java.lang.ClassCastException: java.lang.String cannot be cast to org.jose4j.json.JsonUtil$DupeKeyDisallowingLinkedHashMap

What am I missing here?


Solution

  • The content returned from https://dmdcggwvwj.execute-api.ca-central-1.amazonaws.com/authBeta/z/key looks like the following with all the quotes escaped (it appears to have had a round of JSON escaping or processing applied to it):

    "{\"keys\":[{\"kty\":\"RSA\",\"n\":\"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ\",\"e\":\"AQAB\"}]}"
    

    And the little JSON parser inside jose4j parses that whole thing into a single string. The error message could be much better, but basically it's expecting a JSON object that would be parsed into a Map and is failing when casting the parsed object to a Map.

    Whereas the output directly from keySet.toJson(OutputControlLevel.PUBLIC_ONLY) would be like this:

    {"keys":[{"kty":"RSA","n":"iCSHtMjeCc0RTNw1uVAlciaBtGOgOV7dhtbbjfzfWYdVxQN9tB4Z0gI_4nIcrzLvzg_Sm_iJKUsZuU29JM0tgFvXwfb_pkFL8E7HmbiKaLtL8QofGHkGPbCTCyJ-8YPu3uVLgUmyCKGmShBqWIm_VOSGGivZwYjK4-ONbYC5DrVO0yIzRKnF7ZtfCCxVkkI3D8_-_0anViVmSnsQimLCFfPJwgOmoRFFZENQOFYEyHmGTcQkDEDDePvWAwb32FTZBKgs09CuLiP-n7GhqtUW6RbnL8hwPm9GlLEYa3MahjVEeI23j6r_dlttzVZyW99gXdUUqrkRmrRrYOJnmtQzKQ","e":"AQAB"}]}
    

    And jose4j could parse/process that.

    I think you'll need to look into what's happening on the authBeta/z/key endpoint and find and stop doing the extra escaping.
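The following Java program is an added example, not code from the question, the answer or the jose4j project. It builds a JWKS with jose4j the way the question intends (toJson with PUBLIC_ONLY), feeds that body to the same JsonWebKeySet parser that the answer describes, then reproduces the failure by wrapping the body in one more layer of JSON string encoding, which is what the answer says the authBeta/z/key endpoint is doing. It also adds the check a practitioner would want before putting a key set on a URL: that nothing in the published document carries private key material. The key id and the "use" value are assumptions for the example; the double-encoding helper imitates the observed symptom and is not tied to any particular server framework.

```java
import java.util.List;

import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKey.OutputControlLevel;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.RsaJsonWebKey;
import org.jose4j.jwk.RsaJwkGenerator;
import org.jose4j.lang.JoseException;

public class JwksPublishCheck {

    // Build the JWKS document the key endpoint should return: one RSA key with a
    // kid, serialised with PUBLIC_ONLY so the private parameters (d, p, q, ...)
    // never leave the server. The kid and use values are assumed for this example.
    static String buildPublicJwks() throws JoseException {
        RsaJsonWebKey key = RsaJwkGenerator.generateJwk(2048);
        key.setKeyId("example-signing-key"); // assumption: pick a stable, unique kid in practice
        key.setUse("sig");
        JsonWebKeySet jwks = new JsonWebKeySet(key);
        return jwks.toJson(OutputControlLevel.PUBLIC_ONLY);
    }

    // Reproduce the symptom from the question: the JWKS text gets JSON-encoded a
    // second time, so the HTTP body is a JSON *string* containing the JWKS instead
    // of the JWKS *object*. This is a constructed imitation of the bad endpoint.
    static String doubleEncode(String json) {
        return "\"" + json.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    // What a consumer does with the response body. HttpsJwks hands the fetched
    // body to this same JsonWebKeySet parser, so the behaviour is the same.
    static List<JsonWebKey> consume(String body) throws JoseException {
        return new JsonWebKeySet(body).getJsonWebKeys();
    }

    // Publishing check: every key must be an asymmetric key whose private half
    // is absent. A symmetric ("oct") key or an RSA key that still carries "d"
    // would mean the endpoint leaks secret material.
    static boolean containsOnlyPublicKeys(String body) throws JoseException {
        for (JsonWebKey jwk : consume(body)) {
            if (!(jwk instanceof PublicJsonWebKey)) {
                return false;
            }
            if (((PublicJsonWebKey) jwk).getPrivateKey() != null) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        String good = buildPublicJwks();
        System.out.println("published body: " + good);
        System.out.println("keys parsed from correct body: " + consume(good).size());
        System.out.println("only public material: " + containsOnlyPublicKeys(good));

        String bad = doubleEncode(good);
        System.out.println("double-encoded body begins with: " + bad.substring(0, 12));
        try {
            consume(bad);
            System.out.println("unexpected: the double-encoded body parsed");
        } catch (Exception e) {
            // Whichever exception the installed jose4j version raises here (the
            // question shows a ClassCastException), the point is that a top-level
            // JSON string is not a key set and the consumer cannot use it.
            System.out.println("double-encoded body rejected: " + e);
        }
    }
}
```

Run it with jose4j on the classpath. The first body parses to one key and passes the public-only check; the second, whose first characters are a quote followed by an escaped brace, is exactly the shape the answer quotes from the endpoint and is rejected. On the server side the fix is to return the string from toJson as the raw response body with a JSON content type, not to hand it to a layer that serialises it as a JSON value again; on the consumer side, HttpsJwks needs no change once the body is a plain JSON object.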