Hi guys! One question about JWKS endpoint and publ...
# support-questions-legacy
v
Hi guys! One question about the JWKS endpoint and public key. How often and when does this public key refresh? I want to add JWT decoding at the nginx-ingress level, and it looks like it supports a public key but doesn't (yet) support a JWK endpoint. I thought to just download this key and store it as a secret, but how often should I refresh this secret?
r
The JWT keys are not changed at all.
Also, we do support a JWKS endpoint.
Also, there are two types of tokens -> the session access token and the session JWT token (you need to enable this JWT feature). The access token is not a typical JWT, so nginx can't decode it, but it can do so for the JWT. So my comment above applies only to the JWT and not the access token.
v
So what the JWKS endpoint returns never changes? We can safely save its response to a static secret and feed it to nginx?
r
Yes.
And in the future we will add key rotation, but will make the rotation policy configurable.
v
Just one more question. What do you mean by Access Token? Right now our user, after login (with social or local auth), gets a JWT in response. Then he sends this JWT as a Bearer token and it gets decoded in node.js middleware. I want to move this decoding to the nginx level (and this is where I need the JWK).
r
Right. Are you using our session management recipe?
v
Sry, missed the message. Yes