-
-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No JWKS endpoint #2
Comments
I have successfully implemented a def load_public_keys():
public_key_path = Path("etc") / "public.pem"
public_key = JsonWebKey.import_key(public_key_path.read_bytes())
public_key["use"] = "sig"
public_key["alg"] = "RS256"
return KeySet([public_key])
@bp.route("/oauth/jwks")
def jwks_endpoint():
return jsonify(load_public_keys().as_dict()) @lepture is this the right way to go about this? Is this something that can be added to the example code? Maybe with auto generated keys on start-up? If they are delivered to the client via auto discovery, they do not need to be persistent, right? |
Almost forgot, to actually use the private key for JWT_CONFIG = {
"key": "secret-key",
"alg": "RS256",
"iss": "https://example.com",
"exp": 3600,
}
private_key_path = Path('etc') / 'private.pem'
private_key = JsonWebKey.import_key(private_key_path.read_text())
JWT_CONFIG['key'] = KeySet([private_key]).as_dict() The last |
@lepture ping? |
There is a way to generate the keys with Authlib. I’ll update it later. |
Generating the keys seems like a great idea, I would like persistence though. It seems though, that otherwise every restart of the oidc server would require a restart of the consumer app too while working on it - if that is the case, persistence of the generated key would probably be wise. :-) Other than that: Thanks! |
Also, this would go especially great with #11. :-) |
Hello! Any updates on this? I'm implementing an authorization server with authlib and had already done something like @dwt at this endpoint, but if there was something simpler with the use of authlib for generating keys it would be awesome! |
any updates? is this project dead? |
To my understanding, when implementing OIDC, you need a JWKS endpoint. (A discovery endpoint would also be pretty helpful). Perhaps I'm missing something, but this example doesn't seem to provide a way for the client to validate the bundled OIDC profile because there's no jwks endpoint.
The text was updated successfully, but these errors were encountered: