Add support for bare JWK to IJwkProvider

Brightspace / D2L.Security.OAuth2

Brightspace OAuth 2.0 for C#

Apache License 2.0

7 stars 16 forks source link

Add support for bare JWK to IJwkProvider #69

Closed j3parker closed 7 years ago

j3parker commented 7 years ago

This adds a new method IJwkProvider.RequestJwkAsync. It falls back to RequestJwksAsync on 404. We want to move to JWK to support better caching (i.e. performance) and it is more compatible with services like S3+CF that would increase our fault-tolerance.

j3parker commented 7 years ago

No tests yet, just wanted to get your thoughts.

I'm thinking we could plumb an optional boolean through the validation stuff to enable this code path. Step 1 would be to enable it in the LMS because it would be totally safe (auth supports JWK.)

omsmith commented 7 years ago

I'll continue reviewing this, once you review https://github.com/Brightspace/D2L.Security.OAuth2/pull/67 ;)

j3parker commented 7 years ago

Haha good call

j3parker commented 7 years ago

Bumpity