I did this, it wasn't easy, possibly due to my lack of knowledge. I
combed through the CAS source code to find the bits involved an simply
emulated them as they are all to spec. workings.
I didn't see any directly exposed CAS API's for this they were all
internal.
I made extensive use of the jose4j library to deal with the JWT tokens
etc etc.
https://bitbucket.org/b_c/jose4j/wiki/Home
Look around in the source for
CipherExecutor
EncodingUtils
for hints.
There are multiple layers (sorry can't remember the details). The JWT
component itself has signature and hashes and then the JWT itself is
additional encrypted before being stored in TOTP databases. Keep in mind
that there are secrets involved that once shared expose every token.
Not sure if this was much help.
Colin
On 11/11/20 3:58 PM, Jeffrey Ramsay wrote:
Hello -
I am hoping someone can point me in the right direction regarding JWT
used with CAS and which api is used to decode/decrypt them. I want to
be able to decode the GAUTH secret for third-party access.
Base64 decoding the string produces these headers.
{"alg":"HS512","typ":"JWT"}
{"zip":"DEF","alg":"dir","enc":"A256GCM","cty":"JWT","typ":"JWT"}
Thanks,
-Jeff
--
- Website: https://apereo.github.io/cas <https://apereo.github.io/cas>
- Gitter Chatroom: https://gitter.im/apereo/cas
<https://gitter.im/apereo/cas>
- List Guidelines: https://goo.gl/1VRrw7 <https://goo.gl/1VRrw7>
- Contributions: https://goo.gl/mh7qDG <https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to cas-user+unsubscr...@apereo.org
<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOSO_RDcdt3OCezQ927d8VcDzfK0txvq9Oabc82Lj0tcFQ%40mail.gmail.com
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2BTBYOSO_RDcdt3OCezQ927d8VcDzfK0txvq9Oabc82Lj0tcFQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5d265ea-389d-acd1-7451-c95e2b994139%40caveo.ca.