Skip to content

Commit

Permalink
feat: support token rotation in ID token mutator
Browse files Browse the repository at this point in the history 
Previously, only one JWK may be returned by the JWKS URL. This made token rotation impossible. This patch allows for multiple keys to be returned by the JWKS URL and the first key found will be used for signing.
  • Loading branch information
@aeneasr
aeneasr committed Jul 13, 2023
1 parent 64aed38 commit 8605cc1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions credentials/signer_default.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,8 @@ func (s *DefaultSigner) key(ctx context.Context, location *url.URL) (*jose.JSONW
return nil, "", err
}

if len(keys) != 1 {
return nil, "", errors.Errorf("credentials: expected exactly one JSON Web Key Set to be returned but got: %d", len(keys))
if len(keys) == 0 {
return nil, "", errors.Errorf("credentials: expected at least one JSON Web Key Set to be returned but got: %d", len(keys))
}

var pk jose.JSONWebKey
Expand Down

0 comments on commit 8605cc1

Please sign in to comment.