Metadata declaring the historical keys endpoint location
The historical keys endpoint is currently at <EntityIdentifier>/.well-known/openid-federation-historical-jwks. It would have been more consistent to publish its location in the Entity's metadata for the federation_entity Entity Type in a federation_historical_keys_endpoint property. I recommend that we do that.

Note that this need not be a breaking change to implementations in practice. If a deployment publishes a federation_historical_keys_endpoint metadata entry with the value <EntityIdentifier>/.well-known/openid-federation-historical-jwks, then clients locating the endpoint either the old way or the new way will continue to work.
Comments (5)
- @Michael Jones could you please create a PR for this?
- reporter: To be fixed by https://bitbucket.org/openid/connect/pull-requests/659
- reporter changed status to open
- reporter changed status to resolved
- Another argument to make the historical JWKs URL a metadata parameter is that we shouldn't be using a well-known URL for this unless absolutely necessary. This will make deploying federation easier too. The current .well-known/openid-federation is enough to bootstrap the discovery and everything else, including the historical JWKs URL, can be found out from the Entity Configuration.
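The following is an added example, not code from the issue, the linked pull request, or the OpenID Federation project. It shows the client-side resolution the issue describes: locate the historical keys endpoint the old way (fixed well-known path under the Entity Identifier) and the proposed new way (a `federation_historical_keys_endpoint` entry in `federation_entity` metadata of the Entity Configuration, which is the name the issue proposes), and demonstrates the compatibility claim that a deployment publishing the well-known path as the metadata value satisfies both kinds of client. The Entity Configuration payloads are constructed sample data, the JWT signature is assumed to have already been verified before the payload reaches this code, and the https-only sanity check on the declared URL is a conservative choice of mine rather than a requirement stated on the page.

```python
"""Resolve an OpenID Federation Entity's historical keys endpoint the old way
(fixed well-known path) and the proposed new way (federation_entity metadata).
Added example; not the project's own code."""
from urllib.parse import urlsplit

WELL_KNOWN_SUFFIX = "/.well-known/openid-federation-historical-jwks"
# Metadata parameter name proposed in the issue (an assumption until the PR lands).
HISTORICAL_KEYS_PARAM = "federation_historical_keys_endpoint"


def well_known_historical_keys_url(entity_id: str) -> str:
    """Old way: the endpoint sits at a fixed location under the Entity Identifier."""
    return entity_id.rstrip("/") + WELL_KNOWN_SUFFIX


def is_well_formed_endpoint(url: str) -> bool:
    """Conservative check (mine, not from the issue): federation endpoints are
    absolute https URLs, so refuse to fetch anything else."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


def declared_historical_keys_url(entity_configuration: dict):
    """New way: read the location from federation_entity metadata in the
    (already signature-verified) Entity Configuration payload.
    Returns None when the deployment has not published the parameter."""
    # An Entity Configuration is self-issued: iss and sub are both the Entity Identifier.
    if entity_configuration.get("iss") != entity_configuration.get("sub"):
        raise ValueError("Entity Configuration must have iss == sub")
    federation_entity = entity_configuration.get("metadata", {}).get("federation_entity", {})
    url = federation_entity.get(HISTORICAL_KEYS_PARAM)
    if url is None:
        return None
    if not is_well_formed_endpoint(url):
        raise ValueError(f"{HISTORICAL_KEYS_PARAM} is not an absolute https URL: {url!r}")
    return url


def resolve_historical_keys_url(entity_configuration: dict) -> str:
    """What an updated client does: prefer the declared endpoint, fall back to the
    well-known location so deployments that never publish the parameter still work."""
    declared = declared_historical_keys_url(entity_configuration)
    if declared is not None:
        return declared
    return well_known_historical_keys_url(entity_configuration["iss"])


# Constructed sample Entity Configuration payloads (not real deployments).
ENTITY_ID = "https://op.example.org"

# Deployment that follows the issue's compatibility advice: publish the parameter
# with the well-known path as its value, so old and new clients agree.
COMPAT_CONFIG = {
    "iss": ENTITY_ID, "sub": ENTITY_ID,
    "metadata": {"federation_entity": {
        HISTORICAL_KEYS_PARAM: ENTITY_ID + WELL_KNOWN_SUFFIX}},
}

# Deployment that publishes nothing; new clients must fall back to the well-known path.
LEGACY_CONFIG = {"iss": ENTITY_ID, "sub": ENTITY_ID,
                 "metadata": {"federation_entity": {}}}

# Deployment that has moved the endpoint: only metadata-aware clients find it,
# and old clients would still request the well-known path.
MOVED_CONFIG = {
    "iss": ENTITY_ID, "sub": ENTITY_ID,
    "metadata": {"federation_entity": {
        HISTORICAL_KEYS_PARAM: "https://keys.example.org/federation/history"}},
}

if __name__ == "__main__":
    for name, cfg in (("compat", COMPAT_CONFIG), ("legacy", LEGACY_CONFIG), ("moved", MOVED_CONFIG)):
        print(f"{name:7s} old={well_known_historical_keys_url(cfg['iss'])}"
              f" new={resolve_historical_keys_url(cfg)}")
```

The moved-endpoint case is the one to watch when rolling this out: a deployment that relocates the endpoint before its clients are updated will have old clients fetching the well-known path, so keep serving that path (or publish it as the metadata value, as the issue suggests) until every client resolves the location from the Entity Configuration.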