JWKS endpoint of wso2 IS
What is JWKS endpoint?
The JSON Web Key Set (JWKS) endpoint is a read-only endpoint. This url returns the Identity Server's public key set in Json web key set format. This contains the signing key(s) the RP uses to validate signatures from the Identity Server. This endpoint is defined loosely by the OpenID Connect Discovery specification.
Try JWKS endpoint with Identity Server
The endpoint url for the super tenant:
https://localhost:9443/oauth2/jwks
The jwks for the super tenant will be as follows:
{
"keys": [
{
"alg": "RS256",
"kty": "RSA",
"use": "sig",
"n": "AJSn-hXW9Zzz9ORBKIC9Oi6wzM4zhqwHaKW2vZAqjOeLlpUW7zXwyk4tkivwsydPNaWUm-9oDlEAB2lsQJv7jwWNsF7SGx5R03kenC-cf8Nbxlxwa-Tncjo6uruEsK_Vke244KiSCHP8BOuHI-r5CS0x9edFLgesoYlPPFoJxTs5",
"e": "AQAB",
"kid": "d0ec514a32b6f88c0abd12a2840699bdd3deba9d",
}
]}
Here if we consider the values one by one:
alg : stands for the algorithm for the public key of the related tenant domain.
kty : is the public key type.
use : is the way that the key is using. Here sig represents the signature
e : is the exponent value of the public key
n : is the modulus value of the public key
kid : is the thumbprint of the certificate. This value is an identifier used in identifying the key to be used to verify the signature.
The jwks endpoint for a specific tenant domain will be changed as follows. Here the tenant domain is test.com.
From IS 5.2.0 this jwks endpoint can be used with Wso2 Identity Server.
Hi,
ReplyDeleteMy issue is the following :
In the case of a jwks without tenant, I have no problem of CORS (No Access Control-Allow-Origin). Because I have modified the web.xml file (repository/deployment/server/webapps/oauth2/WEB-INF/web.xml) with adding filter for cors.allowOrigin.
With holding (ex: /t/example.com/oauth2/jwks) I have a CORS problem.
Do you have a solution to activate the CORS in the case of a tenant?
Thanks