spring-projects / spring-authorization-server

Spring Authorization Server
https://spring.io/projects/spring-authorization-server
Apache License 2.0

Allow for selection from multiple signing keys of a type #1362

Closed KPrzychodzki closed 1 year ago

KPrzychodzki commented 1 year ago

Expected Behavior

JWT generation should allow for specifying and forwarding context and/or headers that would disambiguate keys of the same type (i.e. allow choosing from multiple RSA256 keys).

Current Behavior

Currently JwtGenerator hardcodes the key type to RSA256 and ignores other values/context that could be useful for the purpose of disambiguating, notably also the kid header.

Context

Use case: Attempt to sign with a key chosen on a per-client basis. It might simplify other tasks, i.e. key rotation.

jgrandja commented 1 year ago

@KPrzychodzki A custom OAuth2TokenCustomizer @Bean provides the capability to select the correct key for signing by modifying the JOSE header, for example, the alg or kid claims.

Please review OAuth2TokenGenerator and OAuth2TokenCustomizer.

Also, see these issues as they provide details on custom configuration gh-927, gh-323, gh-487.

Closing this as a duplicate.