Closed coffe4u closed 1 year ago
I'm not sure I understand the reason, maybe you can also add a few lines of documentation in the README to document this?
I will add some info to the readme.
My primary use for this is that we have another application that my company acquired and we want to connect the two using OpenID Connect. That other application is using Google Firebase. To connect your Firebase application to an OpenID Connect provider, you basically just get to provide a "Well Known Configuration URL". This configuration file is defined as part of the OpenID Connect Discovery specification: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
The expected response is defined here https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse and here https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata. The part that is really missing that I've been working on is the `jwks_uri`. That URI is supposed to describe your JSON Web Key Set [JWK] document. This contains information on the signing key(s).
Really the JWKS concept is used to allow for more than one key, but I still have to deal with it because Google is expecting it. The multiple keys idea leads to the idea of the Key ID or `kid`: https://datatracker.ietf.org/doc/html/rfc7517#section-4.5
Once I get all of this working, I'm planning on submitting another PR so that the package can add the "Well Known Configuration URL" & JWKS for you.
I've been using https://token.dev/ to verify my JWT at the end of the process. After adding the `kid` to the token header, it was finally fully verified via my JWKS Endpoint!
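As an added illustration of the discovery-plus-JWKS flow described above (example code, not part of this thread or of the package), the following Python checks a provider metadata document for the fields the Discovery specification marks REQUIRED and then resolves the `kid` in a token header to exactly one key in a JWKS, rejecting tokens with no `kid`, an unknown `kid`, or an unexpected `alg`. The discovery document, the JWKS (with placeholder `n` values) and the token are constructed sample data; signature verification itself is out of scope here, the point is the key-selection step that has to succeed before any signature check.

```python
import base64
import json

# Constructed sample provider metadata (hypothetical issuer, not a real endpoint).
DISCOVERY = {
    "issuer": "https://issuer.example.com",
    "authorization_endpoint": "https://issuer.example.com/oauth/authorize",
    "token_endpoint": "https://issuer.example.com/oauth/token",
    "jwks_uri": "https://issuer.example.com/.well-known/jwks.json",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Constructed sample JWKS with two signing keys; 'n' values are placeholders, not real moduli.
JWKS = {"keys": [
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "2023-key", "n": "PLACEHOLDER_N_1", "e": "AQAB"},
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "2024-key", "n": "PLACEHOLDER_N_2", "e": "AQAB"},
]}

# Fields the Discovery spec (ProviderMetadata) marks REQUIRED for every provider.
REQUIRED_METADATA = (
    "issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
    "subject_types_supported", "id_token_signing_alg_values_supported",
)


def validate_discovery(doc):
    """Return a list of problems found in a provider metadata document (empty list = OK)."""
    problems = []
    for field in REQUIRED_METADATA:
        if field not in doc:
            problems.append(f"missing required field: {field}")
    issuer = doc.get("issuer", "")
    # issuer must be an https URL with no query or fragment component
    if not issuer.startswith("https://"):
        problems.append("issuer must be an https URL")
    if "?" in issuer or "#" in issuer:
        problems.append("issuer must not contain a query or fragment")
    if not doc.get("jwks_uri", "").startswith("https://"):
        problems.append("jwks_uri must be an https URL")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("alg 'none' must not be advertised for ID token signing")
    return problems


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_header(token):
    """Parse only the JOSE header of a compact-serialized JWT."""
    return json.loads(b64url_decode(token.split(".")[0]))


def select_key(jwks, token, allowed_algs=("RS256",)):
    """Pick the single JWK whose kid matches the token header; raise if absent or ambiguous."""
    header = jwt_header(token)
    if header.get("alg") not in allowed_algs:
        raise ValueError(f"unexpected alg: {header.get('alg')!r}")
    kid = header.get("kid")
    if not kid:
        raise ValueError("token header has no kid")
    matches = [k for k in jwks["keys"]
               if k.get("kid") == kid and k.get("use", "sig") == "sig"]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one key for kid {kid!r}, found {len(matches)}")
    return matches[0]


def make_unsigned_token(header, payload):
    """Build header.payload.signature with a placeholder signature (constructed test input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.PLACEHOLDER_SIGNATURE"


if __name__ == "__main__":
    print("discovery problems:", validate_discovery(DISCOVERY))
    tok = make_unsigned_token({"alg": "RS256", "typ": "JWT", "kid": "2024-key"}, {"sub": "user-1"})
    print("selected key:", select_key(JWKS, tok)["kid"])
```

The "exactly one match" rule matters once the JWKS really does carry several keys: a duplicated `kid` or a key with no `kid` at all should fail closed rather than let the verifier try keys until one happens to work.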
@jeremy379 I just added some info to the README.
This allows you to set any number of token headers that you would like, including none, via the new `openid.token_headers` configuration parameter. This can be useful for a number of reasons, but my primary use is to add the header `kid` with my Key ID value.