Open qoomon opened 4 months ago
probably related to https://github.com/honojs/hono/issues/672
Apple Music API also needs kid
header which is not compatible with current jwt middleware:
expected headers and payload:
{
"alg": "ES256",
"kid": "ABC123DEFG"
}
{
"iss": "DEF123GHIJ",
"iat": 1437179036,
"exp": 1493298100
}
actual:
{
"alg": "ES256",
"typ": "JWT"
}
{
"iss": "DEF123GHIJ",
"iat": 1437179036,
"exp": 1493298100
}
also have need for kid
in headers, only reason i have to stick with a separate jwt library now
What is the feature you are proposing?
currently the
jwt
middleware requires a static secret value, however in my use case (see below) it's not a static secret instead it is retrieved from an JWKS. Therefore it would be nice if thejwt
middleware also support anasync function(payload: any) : string
as secret parameter.Use Case:
I'm working on a server endpoint that is called by GitHub actions to authenticate I'm using the Github Actions OIDC tokens.
Currently I'm using my own middleware by using
fast-jwt
withget-jwks
like thishowever it would be nice if I can switch to an official middleware.