Closed nbarbettini closed 7 years ago
Hey, I didn't see this PR until last night. I pushed some changes in #331 that should address a couple of the things I've mentioned (but leave a few other problems, like JWT validation).
I can take a shot at using the keys endpoint to validate the RSA key (I have some similar code in the Java SDK already).
Fixed a lot of small issues.
Made the JWT support RSA (asymmetric) signed tokens, which is what Okta returns. The elegant solution would be to inspect the JWKS document on the Authorization Server's .well-known endpoint, but for now I just used a hack: you have to copy the key's modulus and exponent into the JWT_SIGNING_KEY_MOD and JWT_SIGNING_KEY_EXP env vars. If someone wants to make it better, be my guest 😄
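
The check described above, as an added example that is not part of the original PR or the project's code: verifying an RS256-signed JWT against a modulus and exponent read from JWT_SIGNING_KEY_MOD and JWT_SIGNING_KEY_EXP, using only the Python standard library. The base64url (JWK-style) encoding of the two env vars, all function names, and the demo key are assumptions made for this example.

```python
import base64, hashlib, hmac, json, os

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(message, k):
    # Expected padded block: 00 01 FF..FF 00 || DigestInfo(SHA-256(message))
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, n, e):
    """Return the claims if the RS256 signature verifies, else raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm: the token must not be allowed to pick "none" or HS256.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature length")
    expected = emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("signature mismatch")
    return json.loads(b64url_decode(p64))

def key_from_env(env=os.environ):
    # Assumption: both vars hold base64url values, like the JWK "n" and "e" fields.
    names = ("JWT_SIGNING_KEY_MOD", "JWT_SIGNING_KEY_EXP")
    return tuple(int.from_bytes(b64url_decode(env[v]), "big") for v in names)

# Constructed, insecure demo key (two Mersenne primes); never use for real tokens.
_P, _Q, _E = 2**521 - 1, 2**607 - 1, 65537
DEMO_N, _D = _P * _Q, pow(_E, -1, (_P - 1) * (_Q - 1))

def demo_sign(claims):
    signing_input = ".".join(b64url_encode(json.dumps(x).encode()) for x in ({"alg": "RS256"}, claims))
    k = (DEMO_N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(signing_input.encode(), k), "big")
    return signing_input + "." + b64url_encode(pow(m, _D, DEMO_N).to_bytes(k, "big"))
```

This covers the signature only; the `iss`, `aud` and `exp` claims still have to be validated separately after the signature passes.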