jazzband / djangorestframework-simplejwt

A JSON Web Token authentication plugin for the Django REST Framework.
https://django-rest-framework-simplejwt.readthedocs.io/
MIT License

Is there a way to expose an endpoint for JWK? #491

Open justincely opened 2 years ago

justincely commented 2 years ago

I'm looking to expose the JWT public keys as an endpoint, so things like Nginx or Envoy can verify the token. I know this framework adds in /token/verify endpoints so that the entire token can be passed and verified; but some of these seem to prefer grabbing the keys and validating themselves.

I see the jwk_url in the docs, but that seems like an optional thing to embed this URL into the token itself. But perhaps I'm missing something?

Thanks for the help.

Andrew-Chen-Wang commented 2 years ago

I believe jwk_url is passed into PyJWT and will be used there to verify: https://github.com/jazzband/djangorestframework-simplejwt/blob/f2ec2f96d66fce80037111e627f96b25653d10e9/rest_framework_simplejwt/backends.py#L36

justincely commented 2 years ago

Thanks @Andrew-Chen-Wang; that's still me putting in the URL for the keys right? So from this I'd presumably need to create them manually, then load them into the server and host my own routes for them?

Andrew-Chen-Wang commented 2 years ago

I believe so, yes. This is if you want jwks. You don't have to use it; I believe the original PR for this was because people needed to connect to Auth0.

justincely commented 2 years ago

How would you feel about a PR adding a view for that? I feel like it would be quite useful.

Andrew-Chen-Wang commented 2 years ago

Sure, I wouldn't mind! Just make sure to:

  1. Add to the docs, in a separate section, requiring .well-known/jwks.json is a path
  2. The view can just return a JsonResponse

justincely commented 2 years ago

Great; I'll dig into your contributor guidelines and the code a bit when I get a chance and ask questions here if I have any questions before PR.

atulnarayanan commented 2 years ago

I'm trying to integrate Grafana via their JWT authentication documentation and I was hoping there would be a way to use a jwks endpoint with the simple-jwt package itself. I'm not using Auth0. Any update on this?
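
What such an endpoint would return, as an added example that is not part of this thread or of the project's code: it builds the JWKS document a `.well-known/jwks.json` view could pass to `JsonResponse`, and shows the `kid` lookup a verifying proxy performs. The function names, the toy RSA numbers and the thumbprint-based `kid` are assumptions made for illustration.

```python
import base64
import hashlib
import json

# JWK members that carry private or symmetric key material (RFC 7518); never publish these.
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_uint(value: int) -> str:
    """Unsigned big-endian integer, base64url without padding (RFC 7518 section 6.3.1)."""
    return _b64url(value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big"))


def rsa_public_jwk(n: int, e: int, alg: str = "RS256") -> dict:
    """Build a public RSA JWK whose kid is the RFC 7638 SHA-256 thumbprint."""
    required = {"e": b64url_uint(e), "kty": "RSA", "n": b64url_uint(n)}
    canonical = json.dumps(required, separators=(",", ":"), sort_keys=True)
    kid = _b64url(hashlib.sha256(canonical.encode("ascii")).digest())
    return {**required, "kid": kid, "use": "sig", "alg": alg}


def build_jwks(keys: list) -> dict:
    """Assemble the JWKS document, refusing any key that holds private members."""
    for key in keys:
        leaked = PRIVATE_MEMBERS & key.keys()
        if leaked:
            raise ValueError(f"refusing to publish private JWK members: {sorted(leaked)}")
    return {"keys": list(keys)}


def public_numbers_for(jwks: dict, kid: str) -> tuple:
    """Verifier side: select the key named by the token header's kid and decode (n, e)."""
    for key in jwks["keys"]:
        if key.get("kid") == kid and key.get("kty") == "RSA":
            pad = lambda s: s + "=" * (-len(s) % 4)
            decode = lambda s: int.from_bytes(base64.urlsafe_b64decode(pad(s)), "big")
            return decode(key["n"]), decode(key["e"])
    raise KeyError(f"no RSA key with kid {kid!r}")


# Constructed toy numbers so the example runs offline; real values come from the
# public half of the signing key (for example the PEM configured as VERIFYING_KEY).
SAMPLE_JWKS = build_jwks([rsa_public_jwk(n=3233, e=65537)])
```

Tokens verified this way need the same `kid` in their header so the proxy can pick the matching key during rotation.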