Adding JWKS
Creating this issue after talking with @elitan. We'll likely have a need to integrate with 3rd party BE/auth using JWKS public keys, and currently hasura-auth doesn't support JWK. Quoting
Having a JWK is really good actually. That way you can verify JWT tokens (access tokens) from anywhere. Right now we inject the JWT_SECRET env var to all serverless functions so you can verify JWT tokens there. But with a JWK URL, injecting that JWT_SECRET variable would not be needed, I think. If I understand the JWK correctly.
@plmercereau you created a JWKS route for hasura backend plus before? If we want to contribute to hasura-auth in adding JWKS support, we can use some pointers on how best to go about it. Or we could collaborate/sponsor on this feature. Let me know your thoughts!
Hi Garry, Yes, hasura-backend-plus has a JWKS endpoint. It only worked when using RSA keys as SHA is a symmetric algorithm. Also, there was no key rotation mechanism in HBP.
It is not a top priority for us to implement such an endpoint, but any contribution is most welcome! You can have a look at these two pieces of code if interested: https://github.com/nhost/hasura-backend-plus/blob/master/src/routes/auth/jwks.ts https://github.com/nhost/hasura-backend-plus/blob/41e244f4a509584dd1e91c85c96e2772debada7f/src/shared/jwt.ts#L103
As you see, it's pretty straightforward when using jose.
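The JWKS publication and token verification discussed in this thread, as an added example that is not part of the original posts and is not hasura-auth or hasura-backend-plus code. It uses Node's built-in crypto module rather than jose, and the function names, claims and throwaway key pair are constructed for illustration.

```javascript
// Added example, not hasura-auth or hasura-backend-plus code. Node.js built-ins only.
const { generateKeyPairSync, createHash, createPublicKey, createSign, createVerify } = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');

// What a JWKS route would serve: public RSA members only, never the private key.
function buildJwks(publicKey) {
  const { kty, n, e } = publicKey.export({ format: 'jwk' });
  // kid = RFC 7638 thumbprint: SHA-256 over required members in lexicographic order.
  const kid = createHash('sha256').update(JSON.stringify({ e, kty, n })).digest().toString('base64url');
  return { keys: [{ kty, n, e, kid, alg: 'RS256', use: 'sig' }] };
}

// Issuer side: RS256 JWT whose header names the signing key by kid.
function signJwt(claims, privateKey, kid) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT', kid }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${createSign('RSA-SHA256').update(input).sign(privateKey).toString('base64url')}`;
}

// Verifier side (e.g. a serverless function): needs the JWKS only, no shared secret.
function verifyJwt(token, jwks, nowSeconds = Math.floor(Date.now() / 1000)) {
  const [h, p, s, extra] = token.split('.');
  if (!h || !p || !s || extra !== undefined) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm so the token header cannot select HS256 or "none".
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown kid');
  const key = createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('expired');
  return claims;
}

// Constructed demo: throwaway key pair, made-up claims, fixed clock.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = buildJwks(publicKey);
  const token = signJwt({ sub: 'user-123', exp: 2000000000 }, privateKey, jwks.keys[0].kid);
  return { jwks, token, claims: verifyJwt(token, jwks, 1700000000) };
}
```

With more than one entry in `keys`, the `kid` lookup is what lets a verifier keep accepting tokens signed by an older key while a new one is introduced.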