Closed j3parker closed 7 years ago
No tests yet, just wanted to get your thoughts.
I'm thinking we could plumb an optional boolean through the validation stuff to enable this code path. Step 1 would be to enable it in the LMS because it would be totally safe (auth supports JWK.)
I'll continue reviewing this, once you review https://github.com/Brightspace/D2L.Security.OAuth2/pull/67 ;)
Haha good call
Bumpity
This adds a new method IJwkProvider.RequestJwkAsync. It falls back to RequestJwksAsync on 404. We want to move to JWK to support better caching (i.e. performance) and it is more compatible with services like S3+CF that would increase our fault-tolerance.