-
Notifications
You must be signed in to change notification settings - Fork 4.1k
Add TokenStore supporting JWT verification using JWK #977
Comments
Add tests Add javadoc Fix bug to work with UAA 3.11.0 Issue gh-977
Add tests Add javadoc Fix bug to work with UAA 3.11.0 Issue spring-atticgh-977
Add tests Add javadoc Fix bug to work with UAA 3.11.0 Issue spring-atticgh-977
Add tests Add javadoc Fix bug to work with UAA 3.11.0 Issue spring-atticgh-977
Thanks for the great work, could we have something like: jwks-uri in the application.yml/properties that create the store authomaticaly. |
@yelhouti This question should be posted in the Spring Boot GitHub as it's related to custom configuration properties in application.yml. On that note, Spring Boot 1.5.2 has added a new configuration property related to this issue
You mentioned the following...
Please note that Spring Security OAuth currently does not provide support for OpenID Connect so there is no validation/verification of We are currently working on a re-write of OAuth and integrating it into Spring Security proper and it will provide support for OpenID Connect. You can track the issue here |
Indeed I forgot to update spring boot in gradle.properties: springBootVersion = '1.5.2.RELEASE' |
Thanks @yelhouti. Yes, I have already looked at MITREid Connect. |
It would be very useful to have a
TokenStore
implementation that verifies a JWT using a JSON Web Key (JWK).The main goal of this implementation would be to verify a JWT using the corresponding JWK. The JWK used for verification is matched using the
kid
header parameter of the JWT and thekid
attribute of the JWK.The implementation would be responsible for fetching the JWK Set (the set of available JSON Web Key's) from the supplied URL.
Related Specifications
JSON Web Token (JWT)
JSON Web Key (JWK)
JSON Web Signature (JWS)
JSON Web Encryption (JWE)
JSON Web Algorithms (JWA)
The text was updated successfully, but these errors were encountered: