Metadata declaring the historical keys endpoint location

Issue #2080 resolved
Michael Jones created an issue

The historical keys endpoint is currently at <EntityIdentifier>/.well-known/openid-federation-historical-jwks. It would have been more consistent to publish its location in the Entity's metadata for the federation_entity Entity Type in a federation_historical_keys_endpoint property. I recommend that we do that.

Note that this need not be a breaking change to implementations in practice. If a deployment publishes a federation_historical_keys_endpoint metadata entry with the value <EntityIdentifier>/.well-known/openid-federation-historical-jwks, then clients locating the endpoint either the old way or the new way will continue to work.

Comments (5)

  1. Vladimir Dzhuvinov

    Another argument to make the historical JWKs URL a metadata parameter is that we shouldn’t be using a well-known URL for this unless absolutely necessary. This will make deploying federation easier too.

    The current .well-known/openid-federation is enough to bootstrap the discovery and everything else, including the historical JWKs URL, can be found out from the Entity Configuration.
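The lookup discussed in this issue, as an added example that is not part of the issue, its comments or the specification: a client prefers the proposed `federation_historical_keys_endpoint` metadata entry and falls back to the well-known location. The function names, the sample entities and the https-only check are assumptions of this sketch, and `claims` is assumed to be the payload of an Entity Configuration whose signature has already been verified.

```python
from urllib.parse import urlsplit

LEGACY_SUFFIX = "/.well-known/openid-federation-historical-jwks"
METADATA_PARAM = "federation_historical_keys_endpoint"  # name proposed in the issue


def legacy_location(entity_id: str) -> str:
    """Old way: fixed path appended to the Entity Identifier."""
    return entity_id.rstrip("/") + LEGACY_SUFFIX


def locate_historical_keys(entity_id: str, claims: dict) -> tuple:
    """Return (url, source) for an already-verified Entity Configuration payload."""
    # An Entity Configuration is self-issued: iss and sub are both the Entity Identifier.
    if claims.get("iss") != entity_id or claims.get("sub") != entity_id:
        raise ValueError("not the Entity Configuration of " + entity_id)
    fed = claims.get("metadata", {}).get("federation_entity", {})
    url = fed.get(METADATA_PARAM)
    if url is None:
        return legacy_location(entity_id), "well-known"
    parts = urlsplit(url) if isinstance(url, str) else None
    # Assumption of this example: accept only absolute https URLs without a fragment.
    if not parts or parts.scheme != "https" or not parts.netloc or parts.fragment:
        raise ValueError("unusable " + METADATA_PARAM + ": " + repr(url))
    return url, "metadata"


def old_clients_still_work(entity_id: str, claims: dict) -> bool:
    """True when the old well-known lookup reaches the same URL as the new one."""
    url, _ = locate_historical_keys(entity_id, claims)
    return url == legacy_location(entity_id)


def make_claims(fed_metadata: dict) -> dict:
    """Constructed sample payload for the constructed entity below."""
    return {"iss": ENTITY_ID, "sub": ENTITY_ID,
            "metadata": {"federation_entity": fed_metadata}}


ENTITY_ID = "https://op.example.org"  # constructed sample Entity Identifier
CLAIMS_NONE = make_claims({})  # entry not published: fallback applies
CLAIMS_COMPAT = make_claims({METADATA_PARAM: ENTITY_ID + LEGACY_SUFFIX})
CLAIMS_MOVED = make_claims({METADATA_PARAM: "https://keys.example.org/historical"})
CLAIMS_HTTP = make_claims({METADATA_PARAM: "http://op.example.org/historical"})
```

`old_clients_still_work` returns `False` for `CLAIMS_MOVED`: once a deployment publishes a different URL, only clients that read the metadata entry find the keys.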
