Last active
August 15, 2022 14:50
-
-
Save gangelo/66e5b728a0875069dddb2c80907a01b2 to your computer and use it in GitHub Desktop.
Inherited Proofing JWT/JWE activity between Login.gov and VA.gov
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'jwt' | |
| require 'jwe' | |
| # Login.gov private key. | |
| private_key = AppArtifacts.store.oidc_private_key | |
| # Login.gov payload. | |
| payload = { inherited_proofing_auth: 'mocked-auth-code-for-testing', exp: 1.day.from_now.to_i } | |
| # Login.gov side: Send request... | |
| encoded_payload = JWT.encode payload, private_key, 'RS256' | |
| puts "encoded_payload: #{encoded_payload}" | |
| # VA - START | |
| # VA.gov side: Receive Login.gov request for PII...use Login.gov's public key to decode. | |
| decoded_payload = JWT.decode token, private_key.public_key, true, { algorithm: 'RS256' } | |
| decoded_payload[0]['data'] = { user_pii: { name: 'John Doe', ssn: '123456789' } } | |
| puts "decoded_payload: #{decoded_payload}" | |
| # VA.gov side: Send response back to Login.gov...use Login.gov's public key to encrypt. | |
| encoded_payload = JWE.encrypt decoded_payload.to_json, private_key.public_key | |
| puts "encoded_payload: #{encoded_payload}" | |
| # VA - END | |
| # Login.gov side: Receive and decrypt payload... | |
| decrypted_payload = JSON.parse JWE.decrypt(encoded_payload, private_key) | |
| puts "decrypted_payload: #{decrypted_payload}" | |
| puts "decrypted_payload returned pii: #{decrypted_payload[0]['data'].to_h}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment