JSON Web Keys

The OpenID specification requires a JWKS (JSON Web Key Set) endpoint that lists the public keys used to verify ID tokens.

Current thinking is to store the keys on the filesystem in either PEM or JSON format. A Flask command can be created to rotate them on a schedule. The key files should be stored with the correct file permissions (o-rwx at a minimum).

We should support the EC and RSA algorithms (EC is preferred, RSA is still required by the spec).
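A sketch of how the JWKS document could be built from keys stored as JSON on disk. This is an added example, not the project's code: the function names and the one-`*.json`-file-per-key layout are assumptions, and the key values are constructed placeholders, not real key material. It skips any file that "other" users can access and strips the private members before publishing.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Private JWK members from RFC 7518: EC/RSA "d", RSA CRT values, symmetric "k".
PRIVATE_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
SUPPORTED_KTY = {"EC", "RSA"}


def write_private_jwk(path, jwk):
    """Create the key file with mode 0600 from the start (no chmod-after-write window)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(jwk, fh)


def public_jwks(key_dir):
    """Return (JWKS document, skipped file names) for the keys in key_dir."""
    keys, skipped = [], []
    for path in sorted(Path(key_dir).glob("*.json")):
        # Enforce the o-rwx minimum: refuse files with any "other" permission bit.
        if stat.S_IMODE(path.stat().st_mode) & stat.S_IRWXO:
            skipped.append(path.name)
            continue
        jwk = json.loads(path.read_text())
        if jwk.get("kty") not in SUPPORTED_KTY:
            skipped.append(path.name)
            continue
        # Publish only the public members; never serve the stored file as-is.
        keys.append({k: v for k, v in jwk.items() if k not in PRIVATE_MEMBERS})
    return {"keys": keys}, skipped


def demo():
    """Constructed sample: one correctly protected EC key, one world-readable RSA key."""
    ec = {"kty": "EC", "crv": "P-256", "kid": "ec-1", "use": "sig", "alg": "ES256",
          "x": "constructed-x", "y": "constructed-y", "d": "constructed-private"}
    rsa = {"kty": "RSA", "kid": "rsa-1", "use": "sig", "alg": "RS256",
           "n": "constructed-n", "e": "AQAB", "d": "constructed-private"}
    with tempfile.TemporaryDirectory() as key_dir:
        write_private_jwk(os.path.join(key_dir, "ec-1.json"), ec)
        write_private_jwk(os.path.join(key_dir, "rsa-1.json"), rsa)
        os.chmod(os.path.join(key_dir, "rsa-1.json"), 0o644)  # simulated mistake
        return public_jwks(key_dir)


if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

A rotation command would want to alert on the skipped list, since a key missing from the endpoint means its tokens stop verifying.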

  • Last modified: 3 weeks ago
  • by samp20