djangorestframework-simplejwt icon indicating copy to clipboard operation
djangorestframework-simplejwt copied to clipboard

Published 20 hours ago verified publisher icon jazzband

Support for multiple verifying keys?

Open threewordphrase opened this issue 2 years ago • 1 comments

I've been looking through the code and this doesn't appear to be supported, but please correct me if I'm wrong!

I would like to support multiple VERIFYING_KEYs in my application. This ability is essential to rotate keys across our infrastructure with no downtime, as we have one central auth server and many distributed django services.

Is subclassing the Authentication classes the only way to accomplish this, or is there some ability buried in the spec that I am missing?

threewordphrase avatar Sep 04 '22 04:09 threewordphrase

The only support for multiple verification keys in simplejwt is to use the JWK_URL option. This works only for RS algorithms.

Source: https://github.com/jazzband/djangorestframework-simplejwt/blob/master/rest_framework_simplejwt/backends.py#L94

dcopso avatar Dec 03 '22 03:12 dcopso