Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support OIDC JsonWebKeySet providers #36610

Closed
sberyozkin opened this issue Oct 21, 2023 · 2 comments
Closed

Support OIDC JsonWebKeySet providers #36610

sberyozkin opened this issue Oct 21, 2023 · 2 comments
Assignees
Labels
area/oidc kind/enhancement New feature or request

Comments

@sberyozkin
Copy link
Member

sberyozkin commented Oct 21, 2023

Description

Currently, the process of retrieving JWK sets from the OIDC provider can not be customized. However, as discussed at #36563, it may be necessary in some cases, for example, when a custom authentication mechanism is involved. Or, perhaps, someone would like to fetch the keys from the alternative source (not from the standard OIDC JWKS endpoint).

Implementation ideas

Introduce an interface like

public interface JsonWebKeySetProvider {
    Uni<JsonWebKeySet> getKeys(WebClient client, OidcTenantConfig config, OidcConfigurationMetadata discoveredConfig);
    Uni<JsonWebKeySet> refreshKeys(WebClient client, OidcTenantConfig config, OidcConfigurationMetadata discoveredConfig);
}

CC @calvernaz

and let uses customize the key acquisition process if they need to

@sberyozkin sberyozkin added the kind/enhancement New feature or request label Oct 21, 2023
@sberyozkin sberyozkin self-assigned this Oct 21, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Oct 21, 2023

/cc @pedroigor (oidc)

@sberyozkin
Copy link
Member Author

There is a simpler but also more generic way that can be of use to OIDC client operating in quarkus-oidc and quarkus-oidc-client.
Closing for now as not planned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/oidc kind/enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant