Skip to content

No way to manually manage JWKS? #194

Answered by panva
huttj-lowes asked this question in Q&A
Discussion options

You must be logged in to vote

Can we have either (1) a way to create and manage "local" keystores (ideal for scenarios where the keys are shared via some non-http interface)

The createRemoteJWKSet module results in a GetKeyFunction interface which is accepted at the different decrypt/verify modules already, so you can definitely build your own.

However, it looks like there's no way to manually refetch the keys, nor does it appear that the agent will periodically refetch.

You do not need to manually refetch because it will automatically do so when no existing key matches the selection criteria. Given good JWKS key management hygiene at the producer this is all that's needed.

I honestly think that Jose should focu…

Replies: 1 comment 6 replies

Comment options

You must be logged in to vote
6 replies
@panva
Comment options

panva May 4, 2021
Maintainer

@huttj-lowes
Comment options

@big-kahuna-burger
Comment options

@panva
Comment options

panva May 5, 2021
Maintainer

@huttj-lowes
Comment options

Answer selected by huttj-lowes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
3 participants