How to handle when single key is returned from remote JWK url

Issue #234 resolved
Former user created an issue

Hi Team,

Our JWK URL returns only one key for a particular key ID, i.e. without keys and arrays. For example:

{ "kty": "RSA", "alg": "RS256", "use": "sig", "kid": "99d128848edb18ded8428a339fb1a651e3067099", "n": "u1V52rfS_qMF58T2-1R-NdW24R5KBIbq1k66EgK75WZfXj7XhBjCd4fHA4VPNlX_D_IWDoadLmh0Cny7Y9AjhF_wwV_gtHnfsmt_xmUncAw2uD37JUIAhlKYsMIIZnT-Pq0_Fhc6DpBi7bT0VO8mLMQqx9HVKM8RiKGOZVHA0N-b9LBWpodVJURGVNXC_pOv9cAM9bOLve2RHLfs5Sr793vK-UB9imgS6Y7uHAVlGVo2gkncGZKXNncS4VQx8F8hl-HAd3ZItfen9q7ZJWIK98IVMmLnS3YWhItE2RRMqH9UoIO-PVUmzsdP5-vqiYS7vcqA9-QFLZxAWkXLPSi0zQ", "e": "AQAB" }

Can you please advise how to handle this scenario using JWKRemoteUrl, as it always expects a keys array even though a single key is returned?

Comments (1)

  1. Vladimir Dzhuvinov

    Publishing a JWK set (JSON array) of multiple keys, instead of just one key at the URL, is intended to facilitate smooth key roll-over. With a single key being published, switching to a new key can lead to errors on the client side.

    Anyway, if you want to keep the one-key-per-URL, I suggest you override the existing com.nimbusds.jose.jwk.source.RemoteJWKSet, or implement your own single JWK source with com.nimbusds.jose.jwk.source.JWKSource (possibly copying code where needed from RemoteJWKSet).

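A sketch of the second option from the comment above, a custom `JWKSource` for an endpoint that publishes one bare JWK. This is an added example, not code from the Nimbus project or from the commenter. The class name `SingleRemoteJWKSource`, the timeout and size limits, and the HTTPS-only and public-key-only checks are assumptions, and it assumes a recent Nimbus JOSE+JWT release in which `JWKSource.get` declares `KeySourceException`.

```java
import com.nimbusds.jose.KeySourceException;
import com.nimbusds.jose.RemoteKeySourceException;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jose.util.ResourceRetriever;

import java.io.IOException;
import java.net.URL;
import java.text.ParseException;
import java.util.List;

/** Hypothetical JWKSource for a URL that returns a single JWK object rather than a JWK set. */
public class SingleRemoteJWKSource<C extends SecurityContext> implements JWKSource<C> {

    private final URL jwkURL;

    // Bounded fetch: 2 s connect, 2 s read, 50 KiB max body (assumed limits).
    private final ResourceRetriever retriever =
            new DefaultResourceRetriever(2000, 2000, 50 * 1024);

    public SingleRemoteJWKSource(URL jwkURL) {
        // Verification keys fetched over plain HTTP can be swapped in transit.
        if (!"https".equalsIgnoreCase(jwkURL.getProtocol())) {
            throw new IllegalArgumentException("JWK URL must use https");
        }
        this.jwkURL = jwkURL;
    }

    @Override
    public List<JWK> get(JWKSelector selector, C context) throws KeySourceException {
        final JWK jwk;
        try {
            // JWK.parse accepts the bare key object shown in the question.
            jwk = JWK.parse(retriever.retrieveResource(jwkURL).getContent());
        } catch (IOException | ParseException e) {
            throw new RemoteKeySourceException("Couldn't retrieve or parse remote JWK", e);
        }
        if (jwk.isPrivate()) {
            // A verification endpoint should only ever publish public parameters.
            throw new KeySourceException("Remote JWK contains private key material");
        }
        // Wrap the key in a one-element set so the selector still applies its
        // kid / alg / use matching; a non-matching key yields an empty list.
        return selector.select(new JWKSet(jwk));
    }
}
```

The source can be passed to `JWSVerificationKeySelector` in place of `RemoteJWKSet`. It fetches on every call and does no caching, so the roll-over concern raised in the comment still applies when the published key changes.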