Dynamically construct jwk_set_url by using kid as part of the URL

[anilmujagic]

I'm using Grafana behind AWS load-balancer, which is responsible for authentication and is then providing a JWT in the request header to Grafana. However, I can't configure the JWT auth due to Grafana requiring statically configured jwk_set_url, which is not possible in this case, since AWS load-balancer has a different URL for each key, as explained in the documentation.

Would it be possible to enable specifying a placeholder in the jwk_set_url, which will be replaced by kid or even any other part of the JWT. For example:

[auth.jwt]
enabled = true
header_name = x-amzn-oidc-data
username_claim = sub
email_claim = email
jwk_set_url = https://public-keys.auth.elb.eu-west-1.amazonaws.com/{{kid}}/.well-known/jwks.json

[grafanabot]

Please ask your question on community.grafana.com/. To avoid having your issue closed in the future, please read our CONTRIBUTING guidelines.

Happy graphing!