The asymmetric signing configuration parameters only support a single key. The use of a single key means that rotation will cause outages. #2034

Open
yeshamavani opened this issue Mar 11, 2024 · 1 comment

yeshamavani commented Mar 11, 2024

Is your feature request related to a problem? Please describe.

The asymmetric signing configuration parameters only support a single key. The use of a single key means that rotation will cause outages.

The two main endpoints that most industry standard OIDC/OAuth2.0 validation libs require are missing: discovery and JWKS. As a result, the public key signing key must be distributed into downstream services, rather than the downstream services using one of the standard endpoints for retrieving signing keys. JWKS is a hard requirement for key rotation, as it enables clients to use newly issued signing keys without rotation.

As a result of the above bullet points, pointing applications from other stacks, even node stacks that use generic OIDC libraries, will not work as expected.

External providers have their own distinct endpoints, instead of simply configuring the external providers and the service redirecting when a request is made for the external provider integration. Other similar products do not require instantiating a controller and adding endpoints.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.
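
An added example (not code from this project or from the issue author) of the `kid`-based key selection that a JWKS document makes possible, contrasted with a single statically distributed key. It uses only Node's built-in `crypto`; the key ids, issuer URL and claims are constructed for illustration.

```javascript
// Added example: constructed keys and claims, Node.js built-in crypto only.
const crypto = require('crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Generate an RSA signing key and its public JWK tagged with a key id (kid).
function makeKey(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'RS256' };
  return { kid, privateKey, jwk };
}

// Issuer side: sign an RS256 JWT and name the signing key in the header.
function signJwt(key, claims) {
  const header = { alg: 'RS256', typ: 'JWT', kid: key.kid };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), key.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verifier side: select the key by kid from the key set, then check the signature.
// Claim validation (exp, iss, aud) is omitted to keep the focus on key selection.
function verifyJwt(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  let header;
  try { header = JSON.parse(Buffer.from(parts[0], 'base64url').toString()); } catch { return null; }
  if (header.alg !== 'RS256') return null; // pin the algorithm, never trust the header's choice
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) return null; // unknown kid: a real client would refetch the JWKS once, then reject
  const pub = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`), pub,
    Buffer.from(parts[2], 'base64url'));
  return ok ? JSON.parse(Buffer.from(parts[1], 'base64url').toString()) : null;
}

// Rotation: the new key is published next to the old one before it signs anything.
const oldKey = makeKey('2024-03');
const newKey = makeKey('2024-04');
const singleKeyConfig = { keys: [oldKey.jwk] };          // one statically distributed key
const rotatingJwks = { keys: [oldKey.jwk, newKey.jwk] }; // what a JWKS endpoint would serve

const claims = { sub: 'user-1', iss: 'https://auth.example.test' };
const oldToken = signJwt(oldKey, claims);
const newToken = signJwt(newKey, claims);
```

With `singleKeyConfig`, `verifyJwt(newToken, ...)` returns `null` until every downstream service is redeployed with the new key; with `rotatingJwks`, tokens from both keys verify throughout the overlap window.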

yeshamavani changed the title from "Multi key support in asymmetric signing" to "The asymmetric signing configuration parameters only support a single key. The use of a single key means that rotation will cause outages." on Mar 11, 2024
yeshamavani commented Apr 22, 2024

Mudassir will prepare a TDD for this. ETA: 29th April
