async secretOrKeyProvider #235
Comments
Would you like to create a PR for this issue?
Sure! If you think it makes sense I can work on a PR :)
That would be great!
Hi @rafaelcorreiapoli, any update on the PR for this one?
@iamsuneeth Sorry I could not advance with the PR.
Hey, any updates with this issue?
Hi, any updates on supporting JWKS URI as secretOrKeyProvider?
Hi, from Japan.
I need this feature too. I think with the package passport-jwt we can use this feature already.
Russian needs too :)
I found a temporary workaround for AzureAD.

```typescript
import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { JwksClient } from 'jwks-rsa';
import * as jwt from 'jsonwebtoken';

@Module({
  imports: [
    JwtModule.registerAsync({
      async useFactory() {
        const client = new JwksClient({
          cache: true,
          rateLimit: true,
          jwksRequestsPerMinute: 5,
          jwksUri: `https://login.microsoftonline.com/common/discovery/keys`,
        });
        // Signing keys are fetched once, when the module is initialised.
        const keys = await client.getSigningKeys();
        return {
          // Synchronous lookup of the already-fetched key matching the token's `kid`.
          secretOrKeyProvider(requestType, token: string) {
            const decoded = jwt.decode(token, { complete: true });
            const key = keys.find((k) => k.kid === decoded?.header.kid);
            if (!key) {
              // Malformed token or a `kid` that was not in the fetched key set.
              throw new Error('No signing key matches the token kid');
            }
            return key.getPublicKey();
          },
          verifyOptions: {
            audience: '(client id)',
            issuer: 'https://login.microsoftonline.com/(tenant id)/v2.0',
            algorithms: ['RS256'],
          },
        };
      },
    }),
  ],
})
export class AuthModule {}
```
Please 🙏
I've updated #469 in #1486 to resolve conflicts and typos as the proposed workaround only fetches keys on boot which isn't suitable to handle key rotations.
Let's track this here #1486
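Added example, not code from this thread, @nestjs/jwt or jwks-rsa: a resolver that looks the key up by `kid` at verification time instead of once at boot, refetching the key set on an unknown `kid` with a cooldown so that key rotation is picked up. `createKeyResolver`, the `Jwk` shape, the injected `fetchJwks` and the fake clock are assumptions, and the key set is constructed so the block runs offline.

```typescript
// Added example, not code from @nestjs/jwt or jwks-rsa; all names are hypothetical.
type Jwk = { kid: string; pem: string }; // simplified JWKS entry (assumption)

function createKeyResolver(fetchJwks: () => Promise<Jwk[]>, minRefetchMs = 60000, now: () => number = Date.now) {
  let keys = new Map<string, string>();
  let lastFetch = -Infinity;
  let inflight: Promise<void> | null = null;
  let fetchCount = 0;

  async function load(): Promise<void> {
    const next = new Map<string, string>();
    for (const k of await fetchJwks()) next.set(k.kid, k.pem);
    keys = next; // replace wholesale so retired keys stop being trusted
  }
  function refresh(): Promise<void> {
    if (inflight) return inflight; // coalesce concurrent misses into one request
    // `kid` is untrusted input: cap how often unknown values can trigger a fetch.
    if (now() - lastFetch < minRefetchMs) return Promise.resolve();
    lastFetch = now();
    fetchCount++;
    const clear = () => { inflight = null; };
    inflight = load();
    inflight.then(clear, clear);
    return inflight;
  }
  // Resolve the key for `kid`; on a miss refetch once, then fail closed.
  async function getKey(kid: string): Promise<string> {
    if (!keys.has(kid)) await refresh();
    const key = keys.get(kid);
    if (key === undefined) throw new Error('unknown kid: ' + kid);
    return key;
  }
  return { getKey, fetches: () => fetchCount };
}

// Constructed scenario: the issuer rotates from k1 to k2 while the app is running.
async function demoRotation(): Promise<string[]> {
  let served: Jwk[] = [{ kid: 'k1', pem: 'PEM-1' }]; // constructed sample key set
  let t = 0; // fake clock, milliseconds
  const r = createKeyResolver(async () => served, 60000, () => t);
  const out = [await r.getKey('k1')];
  served = [{ kid: 'k2', pem: 'PEM-2' }];
  out.push(await r.getKey('k2').catch(() => 'rejected: cooldown'));
  t = 60000;
  out.push(await r.getKey('k2'), await r.getKey('k1').catch(() => 'rejected: retired'));
  return out.concat('fetches=' + r.fetches());
}
```

The resolved key is then passed to token verification together with the same audience, issuer and algorithm restrictions the workaround sets in `verifyOptions`.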
I'm submitting a...
Current behavior
secretOrKeyProvider must return the key synchronously.
Expected behavior
If we are using jwks, we need to get this key from an HTTP endpoint. Therefore, secretOrKeyProvider must support promises.
What is the motivation / use case for changing the behavior?
Auth0 exposes the public keys via JWKS (https://github.com/auth0/node-jwks-rsa/tree/master/examples/express-demo)
Environment