Factored out KeyConverter

CredentialManager.cs

@@ -25,7 +25,7 @@ public class CredentialManager
         _fido2 = fido2;
         _optionsCache = optionsCache;
         _jwtConfig = jwtOptions.Value;
-        _rsa = ToRsa(_jwtConfig.Key!);
+        _rsa = KeyConverter.JwkToRsa(_jwtConfig.Key!);
 
         _jsonOptions = new JsonSerializerOptions()
         {
@@ -192,31 +192,5 @@ public class CredentialManager
         return token;
     }
 
-    private RSA ToRsa(JsonWebKey key)
-    {
-        var rsaParameters = new RSAParameters
-        {
-            // PUBLIC KEY PARAMETERS
-            // n parameter - public modulus
-            Modulus = Base64UrlEncoder.DecodeBytes(key.N),
-            // e parameter - public exponent
-            Exponent = Base64UrlEncoder.DecodeBytes(key.E),
     
-            // PRIVATE KEY PARAMETERS (optional)
-            // d parameter - the private exponent value for the RSA key 
-            D = Base64UrlEncoder.DecodeBytes(key.D),
-            // dp parameter - CRT exponent of the first factor
-            DP = Base64UrlEncoder.DecodeBytes(key.DP),
-            // dq parameter - CRT exponent of the second factor
-            DQ = Base64UrlEncoder.DecodeBytes(key.DQ),
-            // p parameter - first prime factor
-            P = Base64UrlEncoder.DecodeBytes(key.P),
-            // q parameter - second prime factor
-            Q = Base64UrlEncoder.DecodeBytes(key.Q),
-            // qi parameter - CRT coefficient of the second factor
-            InverseQ = Base64UrlEncoder.DecodeBytes(key.QI)
-        };
-
-        return RSA.Create(rsaParameters);
-    }
 }

KeyConverter.cs

@@ -0,0 +1,46 @@
+using System.Security.Cryptography;
+using Microsoft.IdentityModel.Tokens;
+
+namespace Passwordless;
+
+public static class KeyConverter
+{
+    public static RSA JwkToRsa(JsonWebKey key)
+    {
+        var rsaParameters = new RSAParameters
+        {
+            // PUBLIC KEY PARAMETERS
+            // n parameter - public modulus
+            Modulus = Base64UrlEncoder.DecodeBytes(key.N),
+            // e parameter - public exponent
+            Exponent = Base64UrlEncoder.DecodeBytes(key.E),
+    
+            // PRIVATE KEY PARAMETERS (optional)
+            // d parameter - the private exponent value for the RSA key 
+            D = Base64UrlEncoder.DecodeBytes(key.D),
+            // dp parameter - CRT exponent of the first factor
+            DP = Base64UrlEncoder.DecodeBytes(key.DP),
+            // dq parameter - CRT exponent of the second factor
+            DQ = Base64UrlEncoder.DecodeBytes(key.DQ),
+            // p parameter - first prime factor
+            P = Base64UrlEncoder.DecodeBytes(key.P),
+            // q parameter - second prime factor
+            Q = Base64UrlEncoder.DecodeBytes(key.Q),
+            // qi parameter - CRT coefficient of the second factor
+            InverseQ = Base64UrlEncoder.DecodeBytes(key.QI)
+        };
+
+        return RSA.Create(rsaParameters);
+    }
+
+    public static JsonWebKey ExtractPublicKey(JsonWebKey key)
+    {
+        return new JsonWebKey()
+        {
+            Kty = key.Kty,
+            E = key.E,
+            N = key.N,
+            Use = "sig",
+        };
+    }
+}

Program.cs

@@ -5,7 +5,6 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.IdentityModel.Tokens;
 using Passwordless;
 
-// TODO: RoslynPad code for key generation
 var jwk = JsonWebKey.Create(File.ReadAllText("./demo-jwk.json"));
 //var host = "http://localhost:5172";
 var host = "https://demo.larcanum.net";
@@ -21,7 +20,7 @@ builder.Services.AddFido2(options =>
     // server domain MUST match the actual domain name that the client uses to make the request from
     options.ServerDomain = host.Substring(host.LastIndexOf("/", StringComparison.Ordinal) + 1);
     options.ServerName = "FIDO2 Test";
-    options.Origins = [host];
+    options.Origins = [host, "http://localhost:5172"];
     options.TimestampDriftTolerance = 300000;
 });
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
@@ -44,7 +43,7 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
         options.Authority = host;
         options.TokenValidationParameters = new TokenValidationParameters
         {
-            IssuerSigningKey = jwk,
+            IssuerSigningKey = KeyConverter.ExtractPublicKey(jwk),
             ValidIssuer = host,
             ValidAudience = host,
             NameClaimType = ClaimTypes.NameIdentifier, // important to get the "sub" claim mapped to User.Identity.Name