Is JWKS public key supported?

[marcinkoziej]

Hello!
This omniauth strategy requires a secret to verify signature, but in my JWT setup (I use https://www.ory.sh/oathkeeper/docs/ ) I have JWT tokens which need to be verified with a published JWKS.json.

Is there a way to extract the shared secret from jwks.json, or are these two different, incompatible methods?

[marcinkoziej]

I have PRd this functionality to https://github.com/discourse/discourse-omniauth-jwt

[alexfornuto]

@marcinkoziej Can you possibly help us out? We're trying to implement the same sort of solution you referenced over in the Discourse fork. We have an identity-aware proxy in front of GitLab, and want to use omniauth-jwt (if it's even the right tool for the job) to accept the JWT provided in headers, validating it against a publicly accessible jwks file. Details here.

[bcg62]

does this functionality still not exist?

[alexfornuto]

@bcg62 This repo hasn't been updated since 2013, so I'd guess not and suggest not holding one's breath.