I am implementing something similar to : https://login.microsoftonline.com/common/discovery/v2.0/keys
Spring boot JWT application which generate and validate JWT token. I will generate many public/private keys (I do not want to generate all tokens with one key. One keys pair will be generate token with shorter life time, second will generate longer...) I will create endpoint /keys with public keys. The question is : How to connect proper public key with private key in my application to validate it?
And the second one : How to generate keys like above (with fields like kty":"RSA","use":"sig", kid...) Is there any pattern to do it?
How to generate keys like above (with fields like
"kty": "RSA","use": "sig","kid"...) Is there any pattern to do it?
It's a standard called JSON Web Key (JWK), defined in the RFC 7517, which defines a data structure that represents a cryptographic key in JSON.
In Java, you can use Nimbus JOSE + JWT, which supports JWK with RSA keys.
How to connect proper public key with private key in my application to validate it?
You can use the kid header claim in your token: It's is an optional header claim which holds a key identifier, particularly useful when you have multiple keys to sign the tokens and you need to look up the right one to verify the signature.
Once a signed JWT is a JWS, consider the definition from the RFC 7515:
4.1.4. "kid" (Key ID) Header Parameter
The
kid(key ID) Header Parameter is a hint indicating which key was used to secure the JWS. This parameter allows originators to explicitly signal a change of key to recipients. The structure of thekidvalue is unspecified. Its value MUST be a case-sensitive string. Use of this Header Parameter is OPTIONAL.When used with a JWK, the
kidvalue is used to match a JWKkidparameter value.