azure-functions-auth
Handling multiple public key certs
When implementing with AAD, my tenant has multiple keys that can be used at random to validate JWTs (depending on the kid in the JWT header). Is there a way to set up this module to validate against multiple keys? Or is there a better way to implement bearer auth in this case?
Hi @hernan-almeida,
yes, I actually planned to integrate the lib jwks-rsa that'd make it optional to specify an IDP's (Identity Provider) public key / signing certificate at configuration time.
Instead the lib would go and request the right public key from the IDP according to the kid in the JWT header.
I just did not yet check if the jwks-rsa lib supports multiple different IDPs (or in Azure terms different tenants/AADs for that matter) with varying "well known endpoint" URIs.
If not then I guess it could be implemented in this azure-functions-auth lib.
> is there a better way to implement bearer auth in this case?
As you're using the Azure-native IDP "AAD (Azure Active Directory)" you could try to just use the Function App's integrated Authentication functionality.

I created this lib mainly for the use case when you're not able to or don't want to use AAD as an IDP.
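
Selecting the verification key by the `kid` in the JWT header from a set of several public keys, as discussed in this thread, can look like the following. This is an added example, not code from azure-functions-auth or jwks-rsa: it uses only Node's built-in `crypto` module, and the function names (`makeKeySet`, `signJwt`, `verifyWithKeySet`), key IDs and claims are constructed for illustration. Issuer and audience checks are not shown.

```javascript
const crypto = require('node:crypto');

const b64u = (value) => Buffer.from(value).toString('base64url');

// Constructed sample data: one RSA key pair per kid, standing in for the
// several signing keys a tenant publishes at the same time.
function makeKeySet(kids) {
  const pairs = new Map();
  for (const kid of kids) {
    pairs.set(kid, crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
  }
  return pairs;
}

// Helper for the sample only: issue an RS256 token naming `kid` in its header.
function signJwt(payload, kid, privateKey) {
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Verify `token` against a Map of kid -> public key and return its payload.
function verifyWithKeySet(token, publicKeys) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm; the token header must not be allowed to choose it.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // The kid only selects among trusted keys; an unknown kid is a rejection.
  const key = publicKeys.get(header.kid);
  if (!key) throw new Error('unknown kid');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp <= Date.now() / 1000) {
    throw new Error('token expired');
  }
  return payload;
}
```

With a real IDP, the map of public keys would be filled from its published key set and refreshed when a token arrives with a `kid` that is not yet cached.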