oauth2-openid-connect-server

Support for the /key/set request

Open thejoelinux opened this issue 3 years ago • 1 comments

Relying parties who want to check the id_token validity against the public key issue a GET /key/set on the OpenID Authorization Server/Provider.

We need a service to reply to this request with the public key.

thejoelinux avatar Aug 26 '22 12:08 thejoelinux

I solved it by installing web-token/jwt-bundle and web-token/jwt-key-mgmt packages.

Configuring the service with:

jose:
    keys: # Configuration of the keys
        public: # Unique key name
            file: # Name of the method
                path: '%kernel.project_dir%/config/jwt/public.key'
                is_public: true
                additional_values: # Optional values.
                    use: 'sig'
                    alg: 'RS256'

And did a little Symfony controller like:

namespace App\Controller;

use Jose\Component\Core\JWK;
use Jose\Component\Core\JWKSet;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Annotation\Route;

class KeyController extends AbstractController
{
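    // $publicKey is the JWK built from the "public" entry under jose.keys,
    // so only the public key is serialized into the returned key set.
    #[Route('/openid/key/set')]
    public function decode(JWK $publicKey): JsonResponse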
    {
        $keySet = new JWKSet([$publicKey]);
        return new JsonResponse($keySet->jsonSerialize());
    }
}

My route was /openid/key/set but feel free to modify it the way you want. Remember to type-hint correctly $publicKey (corresponding to the entry public in the YAML file).

Anyway, it would be good to have this directly in the Symfony bundle. I'll try to take a look.

thejoelinux avatar Aug 26 '22 15:08 thejoelinux
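
A check for the response body of a key-set endpoint like the one above, as an added example that is not part of the original issue or of the bundle's code: it flags a key set that exposes private JWK members (as would happen if a private key were loaded instead of public.key), a use/alg that differs from the configured 'sig'/'RS256', or an RSA modulus under 2048 bits. The function name audit_jwks and the sample documents are constructed for illustration.

```python
import base64
import json

# JWK members that carry private or secret key material (RFC 7518, RFC 8037).
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def b64u_decode(value: str) -> bytes:
    """Decode the unpadded base64url encoding used for JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def audit_jwks(body: str, use: str = "sig", alg: str = "RS256") -> list[str]:
    """Return findings for a JWKS response body; an empty list means it passed."""
    try:
        keys = json.loads(body)["keys"]
    except (ValueError, KeyError, TypeError):
        return ["response is not a JSON object with a 'keys' member"]
    if not isinstance(keys, list) or not keys:
        return ["'keys' must be a non-empty array"]
    findings = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            findings.append(f"key {i}: not a JSON object")
            continue
        leaked = sorted(PRIVATE_MEMBERS & key.keys())
        if leaked:
            findings.append(f"key {i}: private members exposed: {', '.join(leaked)}")
        if key.get("use") != use or key.get("alg") != alg:
            findings.append(f"key {i}: expected use={use!r} and alg={alg!r}")
        if key.get("kty") != "RSA":
            findings.append(f"key {i}: kty {key.get('kty')!r} does not match RS256")
            continue
        try:
            bits = int.from_bytes(b64u_decode(key.get("n", "")), "big").bit_length()
        except (ValueError, TypeError):
            bits = 0
        if bits < 2048:  # RFC 7518 requires 2048 bits or more for RS256
            findings.append(f"key {i}: RSA modulus is {bits} bits, need >= 2048")
    return findings


# Constructed samples (not real keys): placeholder moduli with e = 65537.
_N = base64.urlsafe_b64encode(b"\xc3" + bytes(255)).rstrip(b"=").decode()
_PUB = {"kty": "RSA", "use": "sig", "alg": "RS256", "n": _N, "e": "AQAB"}
GOOD = json.dumps({"keys": [_PUB]})
LEAKY = json.dumps({"keys": [{**_PUB, "d": "AAAA"}]})
WEAK = json.dumps({"keys": [{**_PUB, "n": "wwAA"}]})
```

Run it against the body returned by the route in a functional test or a deployment check, and fail the run when the list is not empty.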