What does it do?
It's an endpoint that allows OP to pull the OP metadata which contains different endpoints such as authorize endpoint, token endpoint, userinfo endpoint, introspect endpoint and most importantly the JSON web keys.
Why do we need it?
It is necessary so that we are able to pull the latest jwks when validating id_token. It's stated in the document that it could change without prior notice so it would be better to get it from the source rather than having it offline.
Public keys are subject to change without warning for security reasons. Recommended best practice is to check the keyid returned in the JWT header against the kid (Key ID) of the public key you have stored from accounts.getJWTPublicKey, or that you received from the OP, and if they do not match, you must update your public key using accounts.getJWTPublicKey or contacting the OP.
Workaround
As a workaround, I do:
gigya.request('fidm.oidc.op.getMetadata')
Note
This endpoint is not listed in the documentation for some reason.
Source: https://developers.gigya.com/display/GD/Validate+A+JWT+from+SAP+Customer+Data+Cloud
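The kid check from the quoted documentation, written out as an added example (not code from this issue or from the SDK): an id_token whose kid is not in the cached JWKS triggers one refetch from the OP, rate-limited so tokens carrying random kids cannot force a request per token. `fetchJwks` is a hypothetical synchronous stand-in for whatever call returns the OP's JWKS, the 60-second cooldown is an assumed value, and `makeOp` builds constructed sample keys and tokens so the block runs offline.

```javascript
const crypto = require('node:crypto');

// Cache of OP signing keys indexed by kid. fetchJwks is a hypothetical
// synchronous stand-in for the JWKS lookup; it returns { keys: [...] }.
class JwksCache {
  constructor(fetchJwks, minRefreshMs = 60000) { // cooldown is an assumed value
    this.fetchJwks = fetchJwks;
    this.minRefreshMs = minRefreshMs;
    this.keys = new Map();
    this.lastFetch = -Infinity;
  }
  keyFor(kid, now = Date.now()) {
    // Unknown kid: refetch from the OP, but only once per cooldown window.
    if (!this.keys.has(kid) && now - this.lastFetch >= this.minRefreshMs) {
      this.lastFetch = now;
      this.keys = new Map(this.fetchJwks().keys.map((k) => [k.kid, k]));
    }
    return this.keys.get(kid) || null;
  }
}

const b64urlJson = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns the claims if the signature verifies under the key named by kid,
// else null. Signature only: iss, aud and exp must still be checked.
function verifyIdToken(token, cache, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = b64urlJson(parts[0]);
    // Pin the algorithm; never let the token header choose it.
    if (header.alg !== 'RS256' || typeof header.kid !== 'string') return null;
    const jwk = cache.keyFor(header.kid, now);
    if (!jwk || jwk.kty !== 'RSA') return null;
    const key = crypto.createPublicKey({ key: { kty: 'RSA', n: jwk.n, e: jwk.e }, format: 'jwk' });
    const ok = crypto.verify('RSA-SHA256', Buffer.from(`${parts[0]}.${parts[1]}`),
      key, Buffer.from(parts[2], 'base64url'));
    return ok ? b64urlJson(parts[1]) : null;
  } catch { return null; } // malformed header, payload or key material
}

// Constructed sample data: a locally generated key pair plays the OP.
function makeOp(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const sign = (claims) => {
    const input = `${enc({ alg: 'RS256', kid })}.${enc(claims)}`;
    return `${input}.${crypto.sign('RSA-SHA256', Buffer.from(input), privateKey).toString('base64url')}`;
  };
  return { jwk: { ...publicKey.export({ format: 'jwk' }), kid }, sign };
}
```
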