Lexikjwtauthenticationbundle: Support for remote private keys?

Created on 27 May 2018  路  1Comment  路  Source: lexik/LexikJWTAuthenticationBundle

Hi, I'm using this in an automated build process that uses git and docker. Everything is in git excepts for secrets, which we put on s3. AFAICS there is no way to pull the private keys remotely? Any suggestions for this, other than the obvious of adding a curl in the docker entrypoint? Thanks!

Feature

Most helpful comment

I'm not sure if this is _the_ standard or just _a_ standard, but JWKS would be one nice way of verifying a JWT against a remote set of keys.

See https://auth0.com/docs/jwks

Even better would be the ability to define a remote set of keys for prod and override this in a test env to specify a known keypair. This would mean integration tests could generate JWTs and they would be verifiable without an internet connection.

>All comments

I'm not sure if this is _the_ standard or just _a_ standard, but JWKS would be one nice way of verifying a JWT against a remote set of keys.

See https://auth0.com/docs/jwks

Even better would be the ability to define a remote set of keys for prod and override this in a test env to specify a known keypair. This would mean integration tests could generate JWTs and they would be verifiable without an internet connection.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

kemicofa picture kemicofa  路  5Comments

mflasquin picture mflasquin  路  5Comments

Walkoss picture Walkoss  路  4Comments

ndoulgeridis picture ndoulgeridis  路  3Comments

JuliusKoronci picture JuliusKoronci  路  4Comments