Hello, I don't know if this is the right place to ...
# general
s
Hello, I don't know if this is the right place to ask. Please let me know. I am trying to implement an identification management system using SuperTokens and I am wondering if there is some support to use SuperTokens as an OIDC provider, meaning that I would simply configure my backend to verify the JWT token using OIDC and not manually verify the JWT using the JWKS data? If there is no support for this I would gladly implement it.
I am aware that OIDC uses JWKS behind the scenes, I was wondering specifically if SuperTokens provided a "well known" API and the ability to register client applications
r
Hey @sda, there is. You can give the JWKS URL to your backend, and using some JWT lib, it can verify the JWT. See this: https://supertokens.com/docs/session/common-customizations/sessions/with-jwt/jwt-verification
s
So there is no possibility of restricting access to my JWKS or adding OIDC applications?
r
Why would you want to restrict access to the JWKS endpoint?
Maybe I'm misunderstanding your use case
s
The idea is to provide a way for my applications to use the OIDC flow to connect to the SuperTokens server in order to authenticate my clients on the backend and verify their tokens generated by the SuperTokens server
ideally using OIDC flow as well on the frontend
r
Right. We are not an OAuth provider yet. But we do have the feature of JWKS verification via the JWKS endpoint
s
ok I see, I'll implement JWKS verification manually on the backend then, I can get the JWT from your framework right?
(on the frontend)
the bearer token ideally to make requests to my backend and verify them using the JWKS provided by the SuperTokens backend
Also, is there anything I could help you with in the development of that feature?
I really like your identity solution and would love to see these features
r
Yes. You can get the JWT on the frontend from our SDK
s
alright perfect
r
Thanks! We will let you know if there is anything on which we need help 🙂