Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== JSON Web Keys ====== The OpenID specification requires a JWKs endpoint to list public keys that can verify ID tokens. Current thinking is to store them in the filesystem either in PEM or JSON format. A Flask command can be created to rotate these on a schedule. These should be stored with the correct file permissions (''o-rwx'' at a minimum). We should support the EC and RSA algorithms (EC is preferred, RSA is still required by the spec). projects/member_portal/jwk Last modified: 2 months agoby samp20