Describe the feature to be developed
The system should provide a way to check a JSON Web Key Set (JWKS) at a given URL instead of relying on a hardcoded configuration. The context here is the decoding of an id_token. If the system doesn't find an appropriate decryption key (hmac_key) in the current platform's key set, it should try to retrieve new keys from a JWKS URL.
Describe the Impact on the System
This feature will primarily affect OIDCLoginFlask, JWTKeyManagement, and the platform data structure. It may require changes to the way we handle keys, and may need a new method for fetching and updating keys from a JWKS URL.
Definition of Done
[ ] Extend OIDCLoginFlask and JWTKeyManagement to support fetching and updating keys from a JWKS URL.
[ ] Add functionality to retrieve keys from JWKS URL when a suitable decryption key is not found in the platform's key set.
[ ] Modify error handling logic to account for failed key retrieval.
[ ] Update the platform data structure if necessary to support keys from JWKS URL.
[ ] Lint code to the Python standard.
[ ] Test code with Pytest. All tests within the system should still pass. This includes tests for successful key retrieval, error handling for failed retrieval, and correct handling of the updated key set.
[ ] Documentation updated to explain the new feature, how to set the JWKS URL, and any relevant error messages.
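One way the fallback described above could work, as an added example (not code from this project): a key is looked up in the local set first and the configured JWKS URL is refetched only on a miss. The class name `JwksKeyResolver`, lookup by `kid`, the `min_refresh` throttle and the injected `fetch` callable are assumptions made for illustration.

```python
import json
import time
import urllib.request


def fetch_jwks(url, timeout=5):
    """Default fetcher: HTTPS only, so a key set cannot be swapped in transit."""
    if not url.startswith("https://"):
        raise ValueError("JWKS URL must use https")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


class JwksKeyResolver:
    """Hypothetical helper: local key set first, JWKS URL only on a miss."""

    def __init__(self, jwks_url, keys=None, fetch=fetch_jwks, min_refresh=60):
        self.jwks_url = jwks_url          # from platform config, never from the token
        self.keys = dict(keys or {})      # kid -> JWK dict
        self.fetch = fetch
        self.min_refresh = min_refresh    # seconds between refetches
        self.last_fetch = None

    def refresh(self, now):
        self.last_fetch = now             # failed attempts count toward the throttle
        try:
            jwks = self.fetch(self.jwks_url)
            fresh = {k["kid"]: k for k in jwks["keys"]
                     if k.get("use", "sig") == "sig" and "kid" in k}
        except Exception as exc:          # network, JSON or shape errors
            raise LookupError(f"JWKS retrieval failed: {exc}") from exc
        self.keys = fresh                 # replace, so retired keys drop out

    def get_key(self, kid, now=None):
        now = time.monotonic() if now is None else now
        if kid in self.keys:
            return self.keys[kid]
        # Unknown kid: refetch, but throttle so bogus kids cannot flood the IdP.
        if self.last_fetch is not None and now - self.last_fetch < self.min_refresh:
            raise LookupError(f"unknown kid {kid!r}; refresh throttled")
        self.refresh(now)
        if kid not in self.keys:
            raise LookupError(f"unknown kid {kid!r} after JWKS refresh")
        return self.keys[kid]
```

A failed retrieval leaves the existing key set untouched and surfaces as `LookupError`, which gives the error-handling item in the checklist a single exception type to test against.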