-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: public jwks #1865
base: main
Are you sure you want to change the base?
feat: public jwks #1865
Conversation
Marked this as draft because I still need to add a change to the JwksGenerator to include key ids, but the code that is already here can be reviewed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to support the UMA implementation right? I'm thinking it might be better to include it in the configs specifically for that so this is only enabled when setting up as an RS for an UMA server.
const { method, url } = request; | ||
|
||
if (!allowedMethods.has(method)) { | ||
throw new MethodNotAllowedHttpError( | ||
methodsNotAllowed, | ||
`Only GET or HEAD requests can target the storage description.`, | ||
); | ||
} | ||
|
||
if (url !== this.path) { | ||
throw new NotImplementedHttpError(`This handler is not configured for ${url}`); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a RouterHandler
class that we generally use to cover these cases, that can wrap around this one. If you looked at the StaticAssetHandler
for inspiration, that one doesn't have it because it was made before we had that and we never bothered to update.
We use this in the UMA setup, yes, but I specifically separated it because it can also be used by packaging (signatures as provenance), HTTP Message Signatures (used in GNAP, which I hope to work on soon), and in fact any protocol relying on server-wide asymmetric crypto (often on the Well-Known jwks path). |
This PR adds a
JwksHandler
that publishes the public key of aJwksGenerator
as a JWK Set on a given path.