Merge pull request xtuple#6 from purdytx/master

Updated README for more information on dealing with keys, crypto, etc
bendiy · Nov 11, 2014 · b4b0793 · b4b0793
2 parents 8db426d + a7669fb
commit b4b0793
Showing 1 changed file with 23 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -13,20 +13,38 @@ This module exchanges a JWT for an access token after authenticated, as [defined
 
 #### Register Exchange Middleware
 
-This exchange middleware is used to by clients to request an access token by using a JSON Web Token (JWT) generated by the client and verified by a Public Key stored on the OAuth 2.0 server.  The exchange requires a verify callback, which accepts the client, JWT data and signature, then calls done providing a access token.
+This exchange middleware is used to by clients to request an access token by using a JSON Web Token (JWT) generated by the client and verified by a Public Key stored on the OAuth 2.0 server.  The exchange requires a verify callback, which accepts the client, JWT data and signature, then calls done providing a access token. 
+
+##### Key Generation Tips
+generate private key
+openssl genrsa -out private.pem 1024 
+
+abstract public key
+openssl rsa -in private.pem -out public.pem -outform PEM -pubout 
+
+sign the data
+signing data: echo -n "data-to-sign" | openssl dgst -RSA-SHA256 -sign private.pem > signed 
+
+convert the signed file (binary) into base64 to be sent.
+base64 signed
 
     var jwtBearer = require('oauth2orize-jwt-bearer').Exchange;
 
     server.exchange('urn:ietf:params:oauth:grant-type:jwt-bearer', jwtBearer(function(client, data, signature, done) {
      var crypto = require('crypto')
-       , pub = pubKey // TODO - Load your pubKey registered to the client from the file system or database
+	   , fs = require('fs') //load file system so you can grab the public key to read.
+       , pub = fs.readFileSync('/path/to/public.pem').toString() //load PEM format public key as string, should be clients public key
        , verifier = crypto.createVerify("RSA-SHA256");
 
+	 //verifier.update takes in a string of the data that is encrypted in the signature  
      verifier.update(JSON.stringify(data));
-
+    
      if (verifier.verify(pub, signature, 'base64')) {
-
-       // TODO - base64url decode data then verify client_id, scope and expiration are valid
+	   //base64url decode data 
+	   var b64string = data;
+	   var buf = new Buffer(b64string, 'base64').toString('ascii');
+	   
+       // TODO - verify client_id, scope and expiration are valid from the buf variable above
 
        AccessToken.create(client, scope, function(err, accessToken) {
          if (err) { return done(err); }