how to configure keycloak to send encryption key in jwks_uri?


Bala

Jan 8, 2020, 2:34:33 PM
to Keycloak User
Hi All,

As per the OpenID spec, jwks_uri can have both a signing key and a server encryption key in its response.

From openid_spec:

jwks_uri
REQUIRED. URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.


I am looking to send an encryption key from my standalone Keycloak server, but I don't see an option for it. Is there a way to send an encryption key in the jwks_uri with use as "enc"?

Here is the sample response that I am getting from the Keycloak server. Below, I need the "use" to be "enc" instead of "sig".

{
  "keys": [
    {
      "kid": "47456b8069e4365e517ca5e29757d1a9efa567ba",
      "e": "AQAB",
      "kty": "RSA",
      "alg": "RS256",
      "n": "..sdweG...asdaszZYXYeEasasdLQUJA28b8l5NUSDI9tnbrfP8SIXlqLz8mNfuKR18LAU3s9sv-sR3Q..",
      "use": "sig"  --> how to change this to send encryption key
    },
    {
      "alg": "RS256",
      "n": "..1fkmkllSzjVPTPD81eI8asadoXtsCNwEudbFr1PCasdGHZu6m2J2PQas6_hK0X...",
      "use": "sig",
      "kid": "...asd988e3aae67afb82caalklka..",
      "e": "AQAB",
      "kty": "RSA"
    }
  ]
}

Thanks,
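
An RP-side check of the rule quoted from the spec above, as an added example that is not part of the original post or Keycloak's own code: it selects keys by "use" from a JWK Set and flags a set with no "enc" key, keys missing "use" in a mixed set, and key material shared between "sig" and "enc". The sample sets, key IDs and function names are constructed for illustration.

```python
import json

# Constructed sample JWK Sets; "n" values are placeholders, not real key material.
SIG_ONLY = json.loads("""{"keys": [
  {"kid": "sig-1", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "AAAA", "e": "AQAB"},
  {"kid": "sig-2", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "BBBB", "e": "AQAB"}]}""")
MIXED = json.loads("""{"keys": [
  {"kid": "sig-1", "kty": "RSA", "alg": "RS256", "use": "sig", "n": "AAAA", "e": "AQAB"},
  {"kid": "enc-1", "kty": "RSA", "alg": "RSA-OAEP", "use": "enc", "n": "AAAA", "e": "AQAB"},
  {"kid": "old-1", "kty": "RSA", "n": "CCCC", "e": "AQAB"}]}""")


def key_material(jwk):
    """Public-key fields that identify the key itself, ignoring kid/use/alg."""
    return tuple((f, jwk[f]) for f in ("kty", "n", "e", "crv", "x", "y") if f in jwk)


def keys_for(jwks, use):
    """Keys explicitly marked for `use` ("sig" or "enc"); unmarked keys are never guessed."""
    return [k for k in jwks.get("keys", []) if k.get("use") == use]


def audit(jwks):
    """Return findings for the jwks_uri rules on key use."""
    sig, enc = keys_for(jwks, "sig"), keys_for(jwks, "enc")
    findings = []
    if not enc:
        findings.append("no-enc-key")  # RP has nothing to encrypt requests with
    if sig and enc:
        # Both kinds published: "use" is REQUIRED on every key in the set.
        findings += [f"missing-use:{k.get('kid')}"
                     for k in jwks.get("keys", []) if "use" not in k]
    sig_by_material = {key_material(k): k.get("kid") for k in sig}
    for k in enc:
        # Same key for signing and encryption is NOT RECOMMENDED by the spec.
        if key_material(k) in sig_by_material:
            findings.append(f"shared-key:{sig_by_material[key_material(k)]},{k.get('kid')}")
    return findings


if __name__ == "__main__":
    for name, doc in (("SIG_ONLY", SIG_ONLY), ("MIXED", MIXED)):
        print(name, [k["kid"] for k in keys_for(doc, "enc")], audit(doc))
```
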

Steve Ortiz

Nov 18, 2020, 10:28:05 AM
to Keycloak User
Hello,

Did you find out how to do this?