This is a demo solution with two microservices that illustrates the use of a JWK key endpoint in JWT validation. The authentication service is responsible for generating the JWT token and serving the JWK key endpoint. The protected service is responsible for validating the JWT token using the JWK key endpoint.
This project uses pnpm to maintain the two microservices in a monorepo. The workspace file is configured for the two projects. Make sure you have pnpm installed before starting it locally.
We can use the pnpm filter option to install each project's dependencies individually.
Ex:
pnpm --filter jwkserver i
pnpm --filter secureservice i
We can use the pnpm filter option to run both projects with one command, since both have the same npm script names.
Ex:
pnpm --filter secureservice --filter jwkserver run dev
You can use Postman or a similar tool to dispatch calls to get tokens and to call the secure endpoint, which validates the JWT with the JWK keys.
Token endpoint:
curl --location 'http://localhost:3001/api/v1/auth' \
--header 'Content-Type: application/json' \
--data '{
"userName":"Jane",
"password":"pass123"
}'
Protected endpoint:
curl --location 'localhost:3000/api/v1/protected' \
--header 'Authorization: <JWT TOKEN FROM PREVIOUS CALL>'
JWKS endpoint:
curl --location 'http://localhost:3001/.well-known/jwks.json'
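The checks a protected service has to make when it validates a token against a JWKS document, shown as an added example that is not this project's code and uses only Node's built-in crypto module. The key id `demo-key-1`, the function names `signJwt` and `verifyJwt`, the RS256 choice and the in-memory key set are assumptions; a real service would fetch the key set from the JWKS endpoint above.

```javascript
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

const b64u = (s) => Buffer.from(s).toString('base64url');

// Constructed demo key pair: the auth service keeps the private half and
// publishes only the public half, as a JWK, in its JWKS document.
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
const jwks = {
  keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', alg: 'RS256', use: 'sig' }],
};

// Auth-service side: sign header.payload with RSASSA-PKCS1-v1_5 + SHA-256 (RS256).
function signJwt(payload, kid, key) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }));
  const body = b64u(JSON.stringify(payload));
  const sig = sign('sha256', Buffer.from(`${head}.${body}`), key).toString('base64url');
  return `${head}.${body}.${sig}`;
}

// Protected-service side: returns the claims or throws with the reason.
function verifyJwt(token, keySet, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  // Pin the algorithm; the token header must not choose it ("none", HS256).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Select the key by kid from the published set; unknown kid means reject.
  const jwk = keySet.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  const ok = verify('sha256', Buffer.from(`${head}.${body}`), key, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Only read claims after the signature has been verified.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Round trip with a constructed token that is valid for five minutes.
const demoToken = signJwt({ sub: 'Jane', exp: Math.floor(Date.now() / 1000) + 300 }, 'demo-key-1', privateKey);
console.log(verifyJwt(demoToken, jwks));
```
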