Using well-known/openid-configuration URL instead of JWK URL

319 views

Skip to first unread message

Anil Gunturu

unread,

Sep 6, 2022, 11:02:52 AM9/6/22

to KrakenD Community

Is it possible to specify the .well-known/openid-configuration URL instead of JWK URL. Typically, the JWK URL is present in the openid-configuration.

Thanks,

-Anil

Albert Lombarte

unread,

Sep 12, 2022, 4:40:50 AM9/12/22

to KrakenD Community, anil.g...@gmail.com

Hi Anil,

You must pass the URL that when KrakenD accesses it, it finds the final public keys attribute for verification. You can see an example of how it looks like here https://albert-test.auth0.com/.well-known/jwks.json

For instance, in Keycloak you will need to specify soemthing like this:

"auth/validator": {

"alg": "RS256",

"jwk_url": "http://KEYCLOAK:8080/auth/realms/master/protocol/openid-connect/certs",

"disable_jwk_security": true

}

Note: disable jwk flag is set when the protocol is not HTTPS but HTTP instead.

El dia dimarts, 6 de setembre de 2022 a les 17:02:52 UTC+2, anil.g...@gmail.com va escriure:

Reply all

Reply to author

Forward

0 new messages