Use JWK url

Lukas Möller requested to merge use-jwk into sip

It is quite unusual to pass the public key as an env variable. Additionally, it has some maintenance implications and also restricts us to only using one public / private key pair. By switching to the jwcrypto library we could solve that issue (there is no 1.0 release yet). This branch loads the JWK (JSON Web Key) from the environment variable SIP_AUTH_OIDC_JWKS_URL and caches it in mem. This means that no restart is necessary when the Keycloak server suddenly uses a new public / private key pair (it could even allow both keys during some period of time).

cc @eisman

Edited by Lukas Möller
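
The caching behaviour described above, sketched as an added example that is not code from this merge request: an in-memory key set indexed by `kid`, refetched when it expires or when a token names an unknown `kid`, with a minimum interval so tokens carrying random `kid` values cannot force a fetch per request. `JwksCache`, the injected `fetch` callable, the `kid` values and the sample documents are all hypothetical and constructed; signature verification itself is left to the JWT library.

```python
import json
import time

# Constructed sample JWKS documents (placeholder key material, not real keys).
JWKS_OLD = json.dumps({"keys": [
    {"kid": "key-2023", "kty": "RSA", "n": "AQAB", "e": "AQAB"},
]})
JWKS_ROTATED = json.dumps({"keys": [
    {"kid": "key-2023", "kty": "RSA", "n": "AQAB", "e": "AQAB"},
    {"kid": "key-2024", "kty": "RSA", "n": "AQAC", "e": "AQAB"},
]})


class JwksCache:
    """In-memory JWKS cache keyed by kid (hypothetical helper)."""

    def __init__(self, fetch, ttl=3600.0, min_refresh=30.0, clock=time.monotonic):
        self._fetch = fetch              # callable returning the JWKS JSON text
        self._ttl = ttl                  # maximum age of a cached key set, seconds
        self._min_refresh = min_refresh  # floor between fetches triggered by unknown kids
        self._clock = clock
        self._keys = {}
        self._fetched_at = None

    def _refresh(self):
        doc = json.loads(self._fetch())
        # Index by kid; keys without a kid cannot be matched to a token header.
        self._keys = {k["kid"]: k for k in doc.get("keys", []) if "kid" in k}
        self._fetched_at = self._clock()

    def get_key(self, kid):
        now = self._clock()
        age = None if self._fetched_at is None else now - self._fetched_at
        expired = age is None or age >= self._ttl
        unknown = kid not in self._keys
        # Refetch on expiry, or on an unknown kid once the throttle window has passed.
        if expired or (unknown and age >= self._min_refresh):
            self._refresh()
        if kid not in self._keys:
            raise KeyError(f"no JWK with kid {kid!r}")
        return self._keys[kid]
```

In a deployment, `fetch` would be an HTTPS GET of the URL in `SIP_AUTH_OIDC_JWKS_URL` with certificate validation and a timeout.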