Expose a JWKS Endpoint from the Gateway #1839

Closed
ashera96 opened this issue May 16, 2023 · 2 comments · Fixed by wso2/carbon-apimgt#12091

Comments

@ashera96

Problem

We need to expose a JWKS endpoint from the Gateway in order to validate the backend JWTs. Also, the backend JWT token should include the kid claim.

Solution

Bring the current JWKS implementation to the gateway component. Use a configuration to decide whether or not the kid claim should be included in the backend JWT header.

Affected Component

APIM

Version

4.1.0

Implementation

No response

Related Issues

No response

Suggested Labels

No response

@herzcthu

Waiting for this implementation to test further.

@ashera96
Author

We can use the following config under deployment.toml to add/remove the kid claim from the backend JWT. Unless this use_kid_property is explicitly set to false, the backend JWT header will include the kid claim.

[apim.jwt]
use_kid_property = true

You can invoke the JWKS endpoint using the following URLs:

  • https://<host>:8243/jwks for super tenant
  • https://<host>:8243/t/<tenant domain>/jwks for tenants
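
An added example, not part of the original issue or of the project's code: the backend-side check this endpoint enables, which selects the JWKS entry named by the JWT header's kid and verifies the signature with it. It assumes the backend JWT is signed with RS256; the function names and the toy key and token built by `constructed_fixture` are hypothetical and constructed for the demo.

```python
import base64, hashlib, hmac, json
# DER DigestInfo prefix for SHA-256 in RSASSA-PKCS1-v1_5 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_sha256(message, k):
    """Padded block a valid RS256 signature must decrypt to, for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_backend_jwt(token, jwks):
    """Return the claims if the token verifies under the JWKS key its kid names."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64u_decode(head_b64))
    except ValueError:
        raise ValueError("malformed token")
    # Pin the algorithm; never let the token choose it (rules out "none" and HS256).
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    keys = [k for k in jwks.get("keys", []) if k.get("kty") == "RSA" and k.get("kid") == kid]
    if kid is None or len(keys) != 1:
        raise ValueError("kid missing from header or not found in JWKS")
    n, e = (int.from_bytes(b64u_decode(keys[0][f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    sig = b64u_decode(sig_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature")
    expected = emsa_pkcs1_sha256(f"{head_b64}.{body_b64}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    return json.loads(b64u_decode(body_b64))

def constructed_fixture(kid="constructed-kid-1"):
    """Constructed toy key and token for the demo only (Mersenne primes, not secure)."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d, k = p * q, pow(e, -1, (p - 1) * (q - 1)), 141  # n is 1128 bits = 141 bytes
    parts = ({"alg": "RS256", "kid": kid}, {"sub": "constructed-user"})
    msg = ".".join(b64u_encode(json.dumps(x).encode()) for x in parts)
    sig = pow(int.from_bytes(emsa_pkcs1_sha256(msg.encode(), k), "big"), d, n)
    jwks = {"keys": [{"kty": "RSA", "kid": kid, "n": b64u_encode(n.to_bytes(k, "big")),
                      "e": b64u_encode(e.to_bytes(3, "big"))}]}
    return jwks, msg + "." + b64u_encode(sig.to_bytes(k, "big"))
```

A production validator would also check exp and the issuer, and would normally rely on a maintained JOSE library; the arithmetic is spelled out here only to show where kid and the JWKS entry enter the check.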
