oauth: get signing key from provider

keratin / authn-server

Authentication service that keeps you in control without forcing you to be an expert in web security.

https://keratin.github.io

GNU Lesser General Public License v3.0

1.27k stars 110 forks source link

oauth: get signing key from provider #236

Closed AlexCuse closed 9 months ago

AlexCuse commented 9 months ago

Not a strong one @cainlevy - I guess maybe including with credentials is slightly more straightforward to document as long as we note the 3rd signing key segment is only respected after v1.X.Y.

cainlevy commented 9 months ago

I don't have a strong preference here either. I trust your discretion on it.

AlexCuse commented 9 months ago

I took a crack at including with credentials and think I like it better. Feels like less code, and there was a natural spot for an error in the credential parsing response @cainlevy