Nikki Locke

Reputation: 2941

I'm creating an OpenID Server, what do I return from the jwks request?

I have a working webapp that acts as an OAuth2/OpenID server.

It is all working fine with many clients, but I have come across a new client that requires the jwks endpoint to work.

My server uses HS256 for signing, using the client secret as the key. I have Googled for over an hour, trying to find out what the jwks endpoint should return in this situation, but I haven't been able to find any concrete examples using HS256.

I am also baffled that the jwks endpoint is supposed to return a key, but the key actually used depends on which client it is (as it is the client secret), and the endpoint doesn't know which client is connecting.

Can anyone suggest where to find an example that will work?

Upvotes: 0

Views: 15
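Added example, not part of the original post: the setup the question describes, in Python. HS256 ID tokens are signed with each client's own secret, while the JWKS builder publishes only public asymmetric key material, so a server that holds nothing but HS256 keys ends up with an empty key set. The client IDs, secrets, key values and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(signing_input: str, client_secret: str) -> str:
    # HS256 key: the UTF-8 octets of the client secret
    key = client_secret.encode("utf-8")
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def sign_hs256(claims: dict, client_secret: str) -> str:
    """Server side: sign an ID token with the audience client's secret."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + b64url(json.dumps(claims).encode())
    return signing_input + "." + _mac(signing_input, client_secret)

def verify_hs256(token: str, client_secret: str) -> bool:
    """Client side: recompute the MAC with its own secret; no JWKS lookup.
    The algorithm is fixed to HS256 and never taken from the token header."""
    signing_input, _, signature = token.rpartition(".")
    return hmac.compare_digest(signature, _mac(signing_input, client_secret))

# JWK members that carry secret material ("k" for oct keys, RSA/EC private parts)
PRIVATE_MEMBERS = {"k", "d", "p", "q", "dp", "dq", "qi", "oth"}

def build_jwks(server_keys: list) -> dict:
    """Body of the public jwks document: asymmetric keys only, private members
    stripped. Symmetric ("oct") keys are shared secrets and are skipped."""
    public = []
    for jwk in server_keys:
        if jwk.get("kty") == "oct":
            continue
        public.append({k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS})
    return {"keys": public}

# Constructed sample data (not real secrets or keys)
CLIENT_SECRETS = {"client-a": "constructed-secret-a", "client-b": "constructed-secret-b"}
HS256_ONLY_KEYS = [{"kty": "oct", "kid": "client-a", "k": b64url(b"constructed-secret-a")}]
WITH_RSA_KEY = HS256_ONLY_KEYS + [{
    "kty": "RSA", "kid": "constructed-rsa-1", "use": "sig", "alg": "RS256",
    "n": "CONSTRUCTED_MODULUS", "e": "AQAB", "d": "CONSTRUCTED_PRIVATE_EXPONENT"}]

if __name__ == "__main__":
    claims = {"iss": "https://op.example", "aud": "client-a", "sub": "user-1"}
    token = sign_hs256(claims, CLIENT_SECRETS["client-a"])
    print("client-a verifies:", verify_hs256(token, CLIENT_SECRETS["client-a"]))
    print("client-b verifies:", verify_hs256(token, CLIENT_SECRETS["client-b"]))
    print("HS256-only jwks:", json.dumps(build_jwks(HS256_ONLY_KEYS)))
    print("jwks with RSA key:", json.dumps(build_jwks(WITH_RSA_KEY)))
```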

Answers (0)
