Open hernan-almeida opened 5 years ago
Hi @hernan-almeida,
yes, I actually planned to integrate the lib jwks-rsa that'd make it optional to specify an IDP's (Identity Provider) public key / signing certificate at configuration time.
Instead the lib would go and request the right public key from the IDP according to the `kid` in the JWT header.
I just did not yet check if the jwks-rsa lib supports multiple different IDPs (or in Azure terms different tenants/AADs for that matter) with varying "well known endpoint" URIs.
If not then I guess it could be implemented in this `azure-functions-auth` lib.
> is there a better way to implement bearer auth in this case?

As you're using the Azure-native IDP "AAD (Azure Active Directory)" you could try to just use the Function App's integrated Authentication functionality.
I created this lib mainly for the use case when you're not able to or don't want to use AAD as an IDP.
When implementing with AAD, my tenant has multiple keys that can be used at random to validate JWTs (depending on the `kid` in the JWT header). Is there a way to set up this module to validate against multiple keys? Or is there a better way to implement bearer auth in this case?
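
The `kid`-based key selection discussed in this thread, as an added example (not code from azure-functions-auth or jwks-rsa). It assumes RS256 and an in-memory key set constructed locally in place of one fetched from the IDP; `makeKey`, `signJwt` and `verifyJwt` are hypothetical names.

```javascript
// Added example: choose the verification key by the JWT header's `kid`.
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// Constructed sample data: two IDP signing keys published as one JWKS-style set.
function makeKey(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { kid, privateKey, jwk: { ...publicKey.export({ format: 'jwk' }), kid, use: 'sig' } };
}
const keyA = makeKey('key-a');
const keyB = makeKey('key-b');
const jwks = { keys: [keyA.jwk, keyB.jwk] };

// Sample issuer that stands in for the IDP (RSASSA-PKCS1-v1_5 with SHA-256).
function signJwt(payload, key, alg = 'RS256') {
  const header = b64url(JSON.stringify({ alg, typ: 'JWT', kid: key.kid }));
  const input = `${header}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), key.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// The header only selects a key from the trusted set; it never supplies one.
function verifyJwt(token, keySet) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  // Fixed allowlist: the token must not be able to pick its own algorithm.
  if (header.alg !== 'RS256') throw new Error('unsupported alg');
  const jwk = keySet.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown kid');
  const publicKey = crypto.createPublicKey({
    key: { kty: jwk.kty, n: jwk.n, e: jwk.e },
    format: 'jwk',
  });
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    publicKey, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}
```

Issuer, audience and expiry checks are left out here and are still required after the signature verifies. With several IDPs or tenants, keep one key set per issuer so a `kid` from one issuer cannot select another issuer's key.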