Created
April 15, 2019 12:57
Revisions
-
splitbrain created this gist
Apr 15, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,35 @@ <?php // composer require phpseclib/phpseclib require_once('vendor/autoload.php'); $tenant = 'cosmocode'; $policy = 'b2c_1_signupandsignin'; $json = file_get_contents("https://$tenant.b2clogin.com/$tenant.onmicrosoft.com/$policy/discovery/v2.0/keys"); $data = json_decode($json, true); $keydata = $data['keys'][0]; // FIXME keyid should be compared with kid from token $rsa = new phpseclib\Crypt\RSA(); $rsa->loadKey( array( 'e' => new phpseclib\Math\BigInteger(urlsafeB64Decode($keydata['e']), 256), 'n' => new phpseclib\Math\BigInteger(urlsafeB64Decode($keydata['n']), 256), ) ); var_dump($rsa->getPublicKey()); // @FIXME use the function from a JWT library function urlsafeB64Decode($input) { $remainder = strlen($input) % 4; if ($remainder) { $padlen = 4 - $remainder; $input .= str_repeat('=', $padlen); } return base64_decode(strtr($input, '-_', '+/')); }