@splitbrain
Created April 15, 2019 12:57
Example of how to convert Azure AD B2C key info to PEM format
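<?php
// composer require phpseclib/phpseclib:~2.0
// (phpseclib\Crypt\RSA and loadKey() used below are the phpseclib 2.x API)
require_once('vendor/autoload.php');

$tenant = 'cosmocode';
$policy = 'b2c_1_signupandsignin';

// Fetch the JWKS document published for this tenant and policy
$json = file_get_contents("https://$tenant.b2clogin.com/$tenant.onmicrosoft.com/$policy/discovery/v2.0/keys");
if ($json === false) {
    throw new RuntimeException('could not fetch the key set');
}
$data = json_decode($json, true);
if (!isset($data['keys'][0])) {
    throw new RuntimeException('key set contains no keys');
}
$keydata = $data['keys'][0]; // FIXME keyid should be compared with kid from token

// Build the RSA public key from the JWK's base64url-encoded exponent (e) and modulus (n);
// base 256 tells BigInteger the input is raw big-endian bytes
$rsa = new phpseclib\Crypt\RSA();
$rsa->loadKey(
    array(
        'e' => new phpseclib\Math\BigInteger(urlsafeB64Decode($keydata['e']), 256),
        'n' => new phpseclib\Math\BigInteger(urlsafeB64Decode($keydata['n']), 256),
    )
);
var_dump($rsa->getPublicKey()); // PEM-encoded public key

// @FIXME use the function from a JWT library
function urlsafeB64Decode($input)
{
    // restore the '=' padding that base64url omits
    $remainder = strlen($input) % 4;
    if ($remainder) {
        $padlen = 4 - $remainder;
        $input .= str_repeat('=', $padlen);
    }
    // map the URL-safe alphabet back to standard base64 before decoding
    return base64_decode(strtr($input, '-_', '+/'));
}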
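The FIXME on the `$data['keys'][0]` line asks for the key to be matched against the token's `kid`. One way to do that lookup, as an added example that is not part of the original gist: `selectJwk` and `b64urlDecode` are hypothetical helpers, the key set and token are constructed sample data, and pinning RS256 is an assumption about the expected signing algorithm.

```php
<?php
// Added example, not from the original gist; helper names are hypothetical.
function b64urlDecode(string $input): string
{
    $input .= str_repeat('=', (4 - strlen($input) % 4) % 4);
    $out = base64_decode(strtr($input, '-_', '+/'), true); // strict mode
    if ($out === false) {
        throw new InvalidArgumentException('invalid base64url data');
    }
    return $out;
}

// Return the JWKS entry whose kid matches the token header, or throw.
// The header is unverified input, so it is used only as a lookup key.
function selectJwk(string $jwt, array $jwks, string $expectedAlg = 'RS256'): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWS');
    }
    $header = json_decode(b64urlDecode($parts[0]), true);
    if (!is_array($header) || !is_string($header['kid'] ?? null)) {
        throw new InvalidArgumentException('token header has no kid');
    }
    // Pin the algorithm instead of trusting the header (assumption: RS256).
    if (($header['alg'] ?? null) !== $expectedAlg) {
        throw new UnexpectedValueException('unexpected alg in token header');
    }
    foreach ($jwks['keys'] ?? [] as $key) {
        if (($key['kid'] ?? null) === $header['kid']
            && ($key['kty'] ?? null) === 'RSA'
            && ($key['use'] ?? 'sig') === 'sig'
            && isset($key['n'], $key['e'])) {
            return $key;
        }
    }
    // No fallback to keys[0]: an unknown kid means the token is rejected.
    throw new UnexpectedValueException('no signing key for kid');
}

// Constructed sample data (placeholder values, not real Azure AD B2C keys).
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$jwks = ['keys' => [
    ['kid' => 'key-old', 'kty' => 'RSA', 'use' => 'sig', 'n' => 'AQAB', 'e' => 'AQAB'],
    ['kid' => 'key-new', 'kty' => 'RSA', 'use' => 'sig', 'n' => 'AQAC', 'e' => 'AQAB'],
]];
$jwt = $b64url('{"alg":"RS256","kid":"key-new","typ":"JWT"}') . '.e30.c2ln';
var_dump(selectJwk($jwt, $jwks)['kid']);
```

The returned entry's `n` and `e` can then be passed to `loadKey()` as in the gist; the token is only trusted once its signature verifies against that key.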