Using Azure ADB2C tokens to authenticate to RabbitMq

Question

I am using Azure ADB2C to authenticate my users to a web service. I also us custom policies to enrich the token generated by Azure ADB2C. This works fine.

Now I would like to add another service and for this I would like to use RabbitMq. To authenticate the users to the RabbitMq server, I would like to use RabbitMq's oauth2 plugin.

Basically I want to use the same jwt token that Azure ADB2C generates to authenticate&authorize users to the RabbitMq server.

For this to work, I need to supply RabbitMq with the UAA signing key that my custom Azure ADB2C policy is using.

This is an example from the RabbitMq oauth2:

[
  %% ...
  %% backend configuration
  {rabbitmq_auth_backend_oauth2, [
    {resource_server_id, <<"my_rabbit_server">>},
    %% UAA signing key configuration
    {key_config, [
      {signing_keys, #{
        <<"a-key-ID">> => {pem, <<"*-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dP+vRn+Kj+S/oGd49kq
6+CKNAduCC1raLfTH7B3qjmZYm45yDl+XmgK9CNmHXkho9qvmhdksdzDVsdeDlhK
IdcIWadhqDzdtn1hj/22iUwrhH0bd475hlKcsiZ+oy/sdgGgAzvmmTQmdMqEXqV2
B9q9KFBmo4Ahh/6+d4wM1rH9kxl0RvMAKLe+daoIHIjok8hCO4cKQQEw/ErBe4SF
2cr3wQwCfF1qVu4eAVNVfxfy/uEvG3Q7x005P3TcK+QcYgJxav3lictSi5dyWLgG
QAvkknWitpRK8KVLypEj5WKej6CF8nq30utn15FQg0JkHoqzwiCqqeen8GIPteI7
VwIDAQAB
-----END PUBLIC KEY-----*">>}
          }}
      ]}
    ]}
].

But I cannot find this "PUBLIC KEY".

For example, looking at this demo key, there is no PUBLIC KEY as required by the RabbitMq oauth2 authenticator.

Where can I find the PUBLIC KEY of the Azure ADB2C custom policy that I want to use?

Answer 1

Go to the Azure Portal, AAD B2C Blade. Find your Custom Policy or User Flow. Click the "Run Now" button. In the pane, you will find the Open ID Connect Metadata document.

https://fabrikamb2c.b2clogin.com/fabrikamb2c.onmicrosoft.com/your-policy-id/v2.0/.well-known/openid-configuration

In this document you will find a JWKS URI. Open the JWKS URI. In the JWKS URI you will find the parameters used to generate the signing key - modulus (n) and exponent (e).

You need to combine these values (binary encoded bytes) to recreate the public cert that you are looking for. I have a RSA public key exponent and modulus. How can I encrypt a string using Python?