Ignoring `jwks_uri` and injecting KeyStore instead. #345

douglance · 2021-03-11T15:35:36Z

douglance
Mar 11, 2021

I edited the code to skip over the jwks_uri and use a KeyStore that is injected instead. And it seems to be working just as well.

My issuer doesn't use the jwks_uri, so I need to be able to inject the KeyStore rather than fetching it.

Is there a way to do that without forking the library?

Answered by panva

Mar 11, 2021

Is there a way to do that without forking the library?

There is not. jwks_uri is a baseline requirement for this library whenever the client is meant to validate an assertion signed by the IdP using an asymmetric key. An OP without jwks_uri cannot pass any of the OIDC conformance profiles and is therefore out of scope for this library.

View full answer

panva · 2021-03-11T15:40:06Z

panva
Mar 11, 2021
Maintainer

Is there a way to do that without forking the library?

There is not. jwks_uri is a baseline requirement for this library whenever the client is meant to validate an assertion signed by the IdP using an asymmetric key. An OP without jwks_uri cannot pass any of the OIDC conformance profiles and is therefore out of scope for this library.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ignoring `jwks_uri` and injecting KeyStore instead. #345

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Ignoring jwks_uri and injecting KeyStore instead. #345

douglance Mar 11, 2021

Replies: 1 comment

panva Mar 11, 2021 Maintainer

Ignoring `jwks_uri` and injecting KeyStore instead. #345

douglance
Mar 11, 2021

panva
Mar 11, 2021
Maintainer