
@jdanyow
Created July 12, 2023 04:10
// Provides `base64url` by loading the rfc4648 package from the Skypack CDN at run time.
// NOTE(review): the URL carries no version pin and no integrity check, so whatever the
// CDN serves for this path runs in the same context that generates and prints the
// private signing key further down. Pin an exact version, or vendor the module, before
// using this script for real credentials.
const { base64url } = await import('https://cdn.skypack.dev/rfc4648');
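/**
 * Computes the RFC 7638 JWK thumbprint of a key: the SHA-256 digest of the
 * key's required members, encoded as base64url without padding.
 *
 * Only the members RFC 7638 (and RFC 8037 for OKP) list as required for the
 * key type are hashed, so optional members such as `kid`, `alg`, `key_ops`
 * or any private parameters never influence the result.
 *
 * @param {JsonWebKey} key - An RSA, EC or OKP key in JWK form (public or private).
 * @returns {Promise<string>} The thumbprint, suitable for use as a `kid`.
 * @throws {TypeError} If `kty` is not a supported asymmetric key type, or a
 *   required member is missing or not a non-empty string.
 */
async function generateThumbprint(key) {
  // https://datatracker.ietf.org/doc/html/rfc7638
  // Required members per key type, already in the lexicographic order the
  // RFC mandates for the hash input.
  const requiredMembers = new Map([
    ['EC', ['crv', 'kty', 'x', 'y']],
    ['OKP', ['crv', 'kty', 'x']],
    ['RSA', ['e', 'kty', 'n']],
  ]);
  const members = requiredMembers.get(key?.kty);
  if (members === undefined) {
    throw new TypeError(`Unsupported JWK key type: ${String(key?.kty)}`);
  }

  // JSON.stringify silently drops undefined members. Without this check a JWK
  // lacking a required member would hash a partial object, and unrelated keys
  // could end up sharing one thumbprint (and therefore one `kid`).
  const canonical = {};
  for (const member of members) {
    const value = key[member];
    if (typeof value !== 'string' || value === '') {
      throw new TypeError(`JWK is missing required member "${member}"`);
    }
    canonical[member] = value;
  }

  const json = JSON.stringify(canonical);
  const digest = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(json));

  // Encode with platform built-ins so the key identifier does not depend on
  // code fetched from a remote CDN at run time.
  const binary = String.fromCharCode(...new Uint8Array(digest));
  return btoa(binary).replaceAll('+', '-').replaceAll('/', '_').replace(/=+$/, '');
}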
/**
 * Parameters passed to `crypto.subtle.generateKey`: a 2048-bit RSA key for
 * RSASSA-PKCS1-v1_5 signatures over SHA-384.
 *
 * @type {RsaHashedKeyGenParams}
 */
const keygenParams = {
  name: 'RSASSA-PKCS1-v1_5',
  modulusLength: 2048,
  // Big-endian bytes 01 00 01, i.e. the public exponent 65537.
  publicExponent: Uint8Array.of(1, 0, 1),
  hash: { name: 'SHA-384' },
};

/**
 * Matching import parameters for the same algorithm and hash. Nothing in the
 * visible part of this script references them.
 *
 * @type {RsaHashedImportParams}
 */
const importParams = { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-384' };
/**
 * Generates a signing key pair with `keygenParams` and returns both halves as
 * JWKs that share one `kid`, the thumbprint of the public key.
 *
 * The key is created extractable so that the private half can be exported.
 * The returned `privateKey` therefore holds the private parameters in clear
 * text, and protecting it is up to the caller.
 *
 * @returns {Promise<{ publicKey: JsonWebKey, privateKey: JsonWebKey }>}
 */
async function generateJwkCryptoKeyPair() {
  const usages = ['sign', 'verify'];
  const generated = await crypto.subtle.generateKey(keygenParams, true, usages);

  // Export both halves concurrently; the order matches the destructuring below.
  const pendingExports = [generated.publicKey, generated.privateKey].map((half) =>
    crypto.subtle.exportKey('jwk', half)
  );
  const [publicJwk, privateJwk] = await Promise.all(pendingExports);

  // One identifier for both halves, derived from the public members only.
  const kid = await generateThumbprint(publicJwk);
  privateJwk.kid = kid;
  publicJwk.kid = kid;

  return { publicKey: publicJwk, privateKey: privateJwk };
}
// Generate one key pair and print both halves for copy/paste.
const { publicKey, privateKey } = await generateJwkCryptoKeyPair();

// The public half is wrapped in a JWKS document ({ keys: [...] }).
const publicJwksJson = JSON.stringify({ keys: [publicKey] }, null, 2);

// The private JWK is printed in clear text. Anything that captures console
// output (CI logs, terminal scrollback, a shared devtools session) then holds
// the signing key, so run this only where the output stays private and move
// the key into a secret store straight away.
const privateJwkJson = JSON.stringify(privateKey, null, 2);

console.log(`
🟩 PUBLIC jwks
FHIR server will fetch these public keys to verify JWT signature as described in
https://hl7.org/fhir/smart-app-launch/client-confidential-asymmetric.html#signature-verification
${publicJwksJson}
🚨 PRIVATE signing key - you will use these to sign your JWT to make a token request
as described in https://hl7.org/fhir/smart-app-launch/client-confidential-asymmetric.html#request
${privateJwkJson}
`);