Support for JWKSet backed by a URL #264

sazzer opened this issue Jun 21, 2022 · 0 comments
sazzer commented Jun 21, 2022

In situations where a third-party service is providing JWTs that the resource service is authenticating, it can often be necessary to obtain the JWKSet from the same third party that is providing the JWTs. For example, if using Auth0 to handle authentication, then the JWKSet comes from https://tenant.xx.auth0.com/.well-known/jwks.json.

Currently I've built a wrapper around https://docs.rs/reqwest/latest/reqwest/ and JWKSet that handles this, so my code will go and fetch the JWKSet, parse it into a JWKSet and then use that to authorize the incoming token.

This works, but it feels that it would be better handled by the library itself. For example:

```rust
let jwkset = JWKSet::from_url(jwkset_url);
let encoded = Compact::<ClaimsSet<()>, ()>::new_encoded(token);
let decoded = encoded.decode_with_jwks(&jwkset, None).unwrap();
```

Even better if the JWKSet can then automatically cache keys and fetch new ones on demand, to handle key rotation and similar cases.

Cheers
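
An added sketch of the cache-and-refetch behaviour requested above; it is not part of the original issue and not the library's API. `JwksCache`, `Keys` and `key_for` are hypothetical names, the `fetch` closure stands in for the HTTP GET and JSON parse of the JWKS URL, and the refetch cooldown is an assumed design choice so that tokens carrying unknown `kid` values cannot trigger a request to the key endpoint on every validation.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// (kid, key material) pairs as parsed from a JWKS document.
type Keys = Vec<(String, String)>;

/// Hypothetical cache. `fetch` stands in for "GET the JWKS URL and parse it".
pub struct JwksCache<F: FnMut() -> Result<Keys, String>> {
    fetch: F,
    keys: HashMap<String, String>,
    last_fetch: Option<Instant>,
    min_refresh: Duration,
}

impl<F: FnMut() -> Result<Keys, String>> JwksCache<F> {
    pub fn new(fetch: F, min_refresh: Duration) -> Self {
        JwksCache { fetch, keys: HashMap::new(), last_fetch: None, min_refresh }
    }

    /// Return the key for a token's `kid`, refetching the set on a miss.
    pub fn key_for(&mut self, kid: &str, now: Instant) -> Result<String, String> {
        if let Some(key) = self.keys.get(kid) {
            return Ok(key.clone());
        }
        // Unknown kid: the issuer rotated keys, or the token is forged.
        // Rate-limit refetches so forged kids cannot hammer the JWKS endpoint.
        let allowed = match self.last_fetch {
            None => true,
            Some(t) => now.saturating_duration_since(t) >= self.min_refresh,
        };
        if allowed {
            self.last_fetch = Some(now);
            // A failed fetch returns early and leaves the old set in place.
            let fresh = (self.fetch)()?;
            // Replace the whole set so retired keys stop being trusted.
            self.keys = fresh.into_iter().collect();
        }
        self.keys.get(kid).cloned().ok_or_else(|| format!("unknown kid: {}", kid))
    }
}

fn main() {
    // Constructed sample: the issuer currently publishes a single key "k1".
    let fetch = || -> Result<Keys, String> { Ok(vec![("k1".into(), "key-1".into())]) };
    let mut cache = JwksCache::new(fetch, Duration::from_secs(60));
    println!("{:?}", cache.key_for("k1", Instant::now()));
    println!("{:?}", cache.key_for("nope", Instant::now()));
}
```

Passing `now` in explicitly keeps the cooldown testable; a real wrapper would also pin the JWKS URL to HTTPS and bound the response size before parsing.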
