How to use public key for OAuth2 JWT authentication?

I am implementing an application that connects to an OAuth2 server and receives back a JSON Web Token (JWT). I pass the token on, and I want to verify on my own that the token came from the issuing source.

I can do this without any problems using the public key from the issuing source. At the moment that is what I have, and everything is working.

But what if the OAuth server changes its signing key? How does a validating application get the new key? Is there a "best practice" convention for publishing a public key from an OAuth2 server? Do we just pull it from an endpoint on the auth server?

+4
1 answer

There is no standard way to do this in OAuth 2.0 (yet).

Normally it is a matter of agreement between the OAuth server and the consumers of its tokens (e.g. the API / resource server) how the signing keys are distributed, whether via PKI or otherwise.

OpenID Connect, the SSO layer built on top of OAuth 2.0, publishes a URI for the JWKs in its Discovery metadata, which you can use. The jwks_uri is defined as:

"URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate."

Because the document is fetched over HTTPS, the SSL CA chain provides the trust anchor for the JWT signing keys.

Plain OAuth 2.0 has no jwks_uri equivalent, so the Client and Authorization Server have to agree on the key location out of band. Again, there is no standard for that.

So where you can, follow the OpenID Connect approach for publishing the JWT signing keys.

+3
