tolitius/jwks-repl.clj

## jwks-repl.clj
(require '[jsonista.core :as json]
         '[org.httpkit.client :as http]
         '[buddy.core.keys :as keys]
         '[buddy.sign.jwt :as jwt])

(def mapper (json/object-mapper {:decode-key-fn keyword}))

;; if done fo real => check for http/get error
(defn jwks->pubkey [jwks-url]
  (-> @(http/get jwks-url)
      :body
      (json/read-value mapper)
      :keys
      first
      keys/jwk->public-key))

(defn validate-token [pkey token claims]
  (try
    (jwt/unsign token pkey claims)
    (catch Throwable t
      {:error   true
       :details (ex-data t)})))

(def token "eyJhbG.....")

(-> (jwks->pubkey "https://YOUR_DOMAIN/.well-known/jwks.json")
    (validate-token token {:alg :rs256}))

;; => {:scope ["app:area:read"],
;;     :client_id "gitpod",
;;     :iss "https://YOUR_DOMAIN",
;;     :exp 1585616824}
	(require '[jsonista.core :as json]
	'[org.httpkit.client :as http]
	'[buddy.core.keys :as keys]
	'[buddy.sign.jwt :as jwt])

	(def mapper (json/object-mapper {:decode-key-fn keyword}))

	;; if done fo real => check for http/get error
	(defn jwks->pubkey [jwks-url]
	(-> @(http/get jwks-url)
	:body
	(json/read-value mapper)
	:keys
	first
	keys/jwk->public-key))

	(defn validate-token [pkey token claims]
	(try
	(jwt/unsign token pkey claims)
	(catch Throwable t
	{:error true
	:details (ex-data t)})))

	(def token "eyJhbG.....")

	(-> (jwks->pubkey "https://YOUR_DOMAIN/.well-known/jwks.json")
	(validate-token token {:alg :rs256}))

	;; => {:scope ["app:area:read"],
	;; :client_id "gitpod",
	;; :iss "https://YOUR_DOMAIN",
	;; :exp 1585616824}