Open cicnavi opened 2 years ago
Currently, the oidc module supports configuring a single private key / certificate pair.
We should consider enabling support to define multiple, or at least old / new, private key and certificate pairs to make it easier for RPs to check in advance for available certs on the JWKS URI for signature checks of ID tokens...
Example key rollover for SAML in SimpleSAMLphp: https://simplesamlphp.org/docs/latest/saml/keyrollover.html