navikt / gandalf

Facelift for https://github.com/navikt/security-token-service
MIT License

Unable to run application locally in development, openid-configuration provides the wrong urls for automatic configuration #111

Open frehov opened 1 year ago

frehov commented 1 year ago

Unable to set up and run the application locally for testing when using STS with the ingress provided for developers: https://security-token-service.dev.adeo.no/.well-known/openid-configuration.

Problem: When configuring an application to use STS with issuer-url https://security-token-service.dev.adeo.no, the configuration is resolved from the openid-configuration page. This page contains links that point to preprod.local, making Spring fail when trying to fetch the JWKs, which are available at https://security-token-service.dev.adeo.no/jwks.

Please see the attached image.

ybelMekk commented 1 year ago

@frehov hello and thanks for the issue! 🗡️

This is as intended, as the issuer or owner of the token is: https://security-token-service.nais.preprod.local

You will get the same keys from /jwks from the two endpoints. This was a quick fix for developers to be able to get tokens outside the "utvikler image" (developer image) but with "naisdevice" for testing of applications locally.

Sure, you could argue that https://security-token-service.dev.adeo.no/ should be its own instance, but then with its own keys in the jwks endpoint and with no or less compatibility with old systems still using this STS.

I don't think that this will be considered any day soon, as it's on its last breath...
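Added example, not code from gandalf or from the reporter's application: a small Python model of the two configurations discussed in this thread, the issuer-uri discovery that fails in the first comment and the pinned issuer plus reachable jwks_uri that the reply implies. The discovery document, the JWKS and the set of resolvable hosts are constructed stand-ins so it runs offline; the statements about how Spring treats the metadata issuer and how Spring Boot treats jwk-set-uri next to issuer-uri are my understanding of those libraries, not something the thread says.

```python
import json
from urllib.parse import urlparse

# Values taken from the thread: the issuer the tokens carry, and the developer ingress.
TOKEN_ISSUER = "https://security-token-service.nais.preprod.local"
DEV_INGRESS = "https://security-token-service.dev.adeo.no"
WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed stand-ins for what the endpoints serve (example data, not real key material):
# the discovery document is served from the dev ingress but links to the internal host.
DISCOVERY_DOC = {"issuer": TOKEN_ISSUER, "jwks_uri": TOKEN_ISSUER + "/jwks"}
JWKS = {"keys": [{"kid": "example-kid", "kty": "RSA", "use": "sig"}]}  # truncated, example only

# Hosts a developer laptop on naisdevice can resolve (assumption for the example):
# only the ingress, not the internal preprod.local name.
RESOLVABLE_HOSTS = {urlparse(DEV_INGRESS).hostname}


class DiscoveryError(Exception):
    pass


def offline_fetch(url):
    """Stand-in for HTTP GET so the example runs offline: the dev ingress serves
    both documents, the internal host fails the way a DNS lookup would."""
    parsed = urlparse(url)
    if parsed.hostname not in RESOLVABLE_HOSTS:
        raise DiscoveryError(f"cannot resolve {parsed.hostname}")
    if parsed.path == WELL_KNOWN:
        return json.dumps(DISCOVERY_DOC)
    if parsed.path == "/jwks":
        return json.dumps(JWKS)
    raise DiscoveryError(f"404 for {url}")


def discover(issuer_uri, fetch=offline_fetch):
    """Model of the issuer-uri flow: fetch metadata, load jwks_uri, compare issuers.
    Returns the config a decoder would be built from plus every problem found,
    so both failure modes are visible at once."""
    metadata = json.loads(fetch(issuer_uri.rstrip("/") + WELL_KNOWN))
    problems = []
    # This is the failure the issue reports: jwks_uri points at preprod.local.
    try:
        fetch(metadata["jwks_uri"])
    except DiscoveryError as e:
        problems.append(f"jwks_uri unreachable: {e}")
    # As I understand Spring's JwtDecoders, the metadata issuer must also equal the
    # configured issuer-uri, so this configuration has a second problem.
    if metadata["issuer"] != issuer_uri:
        problems.append(f"metadata issuer {metadata['issuer']} != configured {issuer_uri}")
    return {"issuer": metadata["issuer"], "jwks_uri": metadata["jwks_uri"], "problems": problems}


def pinned_config(issuer, jwks_uri, fetch=offline_fetch):
    """Workaround: skip discovery, pin the issuer the tokens carry and a jwks_uri that
    is reachable from the developer machine (to my knowledge, what Spring Boot does
    when jwk-set-uri is set next to issuer-uri). Only sound because the maintainer
    states that both hosts serve the same keys."""
    keys = json.loads(fetch(jwks_uri))["keys"]
    if not keys:
        raise DiscoveryError(f"empty JWKS at {jwks_uri}")
    return {"issuer": issuer, "jwks_uri": jwks_uri, "kids": [k["kid"] for k in keys]}


def issuer_ok(claims, config):
    """The iss check a decoder keeps performing after discovery is bypassed: pin the
    issuer from the token (preprod.local), not the ingress URL the keys came from,
    or every token is rejected even though its signature verifies."""
    return claims.get("iss") == config["issuer"]


if __name__ == "__main__":
    broken = discover(DEV_INGRESS)
    print("issuer-uri =", DEV_INGRESS, "->", broken["problems"])
    fixed = pinned_config(TOKEN_ISSUER, DEV_INGRESS + "/jwks")
    print("pinned:", fixed)
    print("token accepted:", issuer_ok({"iss": TOKEN_ISSUER, "sub": "srvexample"}, fixed))
```

The point worth taking from the model is the last function: whichever host you fetch the keys from, the issuer you validate against must be the one in the token, https://security-token-service.nais.preprod.local, not the dev.adeo.no ingress.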