passphrase for HS256

[afoninsky]

Hello.

Currently, I'm supporting an outdated project which uses HS256 algo in JWT.
My cases are:

• authenticate incoming JWT
• generate request to downstream servers with custom JWT token (ex.: add .exp key)

For now, it's not clear how to configure HS256 JWT with a custom passphrase for the following handlers: authenticator.jwt, mutators.id_token.

I assume it can be done by placing jwks.json with a specific format, but all the examples on the Internet are with RS256.
Can you please point to the documentation and/or examples?

Best regards.

[afoninsky]

Let me answer to myself: https://tools.ietf.org/id/draft-jones-jose-json-private-and-symmetric-key-00.html#kOctDef

The k (key value) member contains the value of the symmetric (or other single-valued) key. It is represented as the base64url encoding of the octet sequence containing the key value.

{ "keys": [ { "kty": "oct", "use": "sig", "kid": "sig-1624969245", "k": "c29tZS1zZWNyZXQ", "alg": "HS256" } ] }