matuzalemsteles
commented
4 years ago @sandrinodimattia thanks, I'll take care of updating the example using the OIDC.
Open sandrinodimattia opened 4 years ago
matuzalemsteles
commented
4 years ago @sandrinodimattia thanks, I'll take care of updating the example using the OIDC.
I noticed you have an example using Auth0 which requires the user to download the public key and copy it to an environment variable.
This is problematic because Auth0 (and many other providers) support public key rotation which means that the key will change over time. Requiring customs to exactly time this event by reconfiguring their applications on that same moment is problematic and a bad practice.
I would suggest updating the examples to use a library that handles all of this automatically using the OIDC discovery endpoints, like this library: https://github.com/sandrinodimattia/serverless-jwt/tree/master/examples