In the OIDC (experimental) feature, the JWK must be set in the configuration (e.g. `key: %env(OIDC_JWK)%`). This JWK is generated on the OIDC server. If it changes there, its value must be updated in the Symfony project.
To access it, most OIDC servers implement a `/protocol/openid-connect/certs` URI exposing public JWKs used to encrypt JWTs and sign them. I suggest importing this JWK from this URI dynamically and saving it locally to prevent any extra HTTP request (app cache?).
```yaml
security:
    firewalls:
        main:
            oidc:
                signature:
                    # proposal 1: detect value is an URI, call it to import the JWK
                    key: 'https://www.example.com/protocol/openid-connect/certs'
                    # proposal 2: add new option "certs" non combinable with "key" to import and set "key" option dynamically
                    certs: 'https://www.example.com/protocol/openid-connect/certs'
```
Question: should it be a new feature or a bugfix?
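One way the "import from the certs URI and cache it locally" idea could behave, as an added example that is not Symfony's code and not part of the original issue: keys are cached by `kid`, refetched on expiry or on an unknown `kid` (rotation), and fetch attempts are rate-limited. `JwksCache`, its parameters and the `$fetch` callable are hypothetical names, the JWKS body is constructed, and signature verification itself is left to the JWT library.

```php
<?php
// Hypothetical helper (not a Symfony API): caches a JWKS and refetches on expiry or unknown kid.
final class JwksCache
{
    private array $keys = [];   // kid => public JWK
    private int $fetchedAt = 0; // unix time of the last successful fetch
    private int $triedAt = 0;   // unix time of the last fetch attempt
    // $fetch is fn(string $uri): string returning the JSON body; $ttl and $minRefresh are seconds.
    public function __construct(private string $uri, private \Closure $fetch,
        private int $ttl = 3600, private int $minRefresh = 60)
    {
        if (parse_url($uri, PHP_URL_SCHEME) !== 'https') {
            throw new InvalidArgumentException('JWKS URI must use https');
        }
    }

    public function find(string $kid, int $now): ?array
    {
        $stale = $now - $this->fetchedAt >= $this->ttl;
        // Unknown kid may mean rotation: refetch, but rate-limited so forged kids cannot force a request each.
        if (($stale || !isset($this->keys[$kid])) && $now - $this->triedAt >= $this->minRefresh) {
            $this->refresh($now);
        }
        // Fail closed: a key set older than the TTL is never used.
        return $now - $this->fetchedAt < $this->ttl ? ($this->keys[$kid] ?? null) : null;
    }

    private function refresh(int $now): void
    {
        $this->triedAt = $now;
        $doc = json_decode(($this->fetch)($this->uri), true, 16, JSON_THROW_ON_ERROR);
        $keys = [];
        foreach ($doc['keys'] ?? [] as $jwk) {
            // Keep signing keys with a string kid; skip entries carrying private material ("d").
            if (is_string($jwk['kid'] ?? null) && isset($jwk['kty']) && ($jwk['use'] ?? 'sig') === 'sig' && !isset($jwk['d'])) {
                $keys[$jwk['kid']] = $jwk;
            }
        }
        if ($keys === []) {
            throw new RuntimeException('JWKS response contains no usable keys');
        }
        [$this->keys, $this->fetchedAt] = [$keys, $now];
    }
}
// Constructed demo: a fake fetcher stands in for the HTTP client and counts outbound requests.
$calls = 0;
$body = '{"keys":[{"kid":"k1","kty":"RSA","use":"sig","n":"AQAB","e":"AQAB"}]}'; // constructed JWKS
$fetch = function (string $uri) use (&$calls, $body): string { $calls++; return $body; };
$cache = new JwksCache('https://www.example.com/protocol/openid-connect/certs', $fetch);
var_dump($cache->find('k1', time()) !== null, $cache->find('forged', time() + 1), $calls);
```

The second lookup uses an unknown `kid` one second after the first fetch, so it is answered from the cache without a new request.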