Closed vanpelt closed 2 years ago
Hello @vanpelt,
thank you for your contribution! I will merge your PR if you add a tests that checks that the kid
Header is set.
My understanding of JWK specifies a data structure that holds a key respectively a JWK Set a datastructure that holds a set of keys. So it is more like PEM/DER. I currently don't understand how the changes are related to JWK Sets, but optionally adding the key id to the headers seems useful to me. Could you please rephrase the description of the PR stating what is actually changed and (if you like) open an issue that we might support JWK Sets?
I picked up the ball at this, and have made the necessary adjustments. Just waiting for other things to get merged first.
I compiled this change amongst other things in my own master - you can take it for a spin here (latest tag): https://hub.docker.com/r/kernle32dll/loginsrv
Ideally loginsrv would just create a JSON Web Key Set and serve it up, but this is a a quick and easy fix for now. This was inspired by Auth0