[ https://issues.apache.org/jira/browse/SOLR-13713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926530#comment-16926530 ]
ASF subversion and git services commented on SOLR-13713: -------------------------------------------------------- Commit 4af601eb10cea9244800a296cc2fd578dd290774 in lucene-solr's branch refs/heads/branch_8x from Jan Høydahl [ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=4af601e ] SOLR-13713: JWTAuthPlugin to support multiple JWKS endpoints (cherry picked from commit 4599f6e9ee2a647c1d6861adfedb12e5cf74783d) > JWTAuthPlugin to support multiple JWKS endpoints > ------------------------------------------------ > > Key: SOLR-13713 > URL: https://issues.apache.org/jira/browse/SOLR-13713 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: security > Affects Versions: 8.2 > Reporter: Jan Høydahl > Assignee: Jan Høydahl > Priority: Major > Labels: JWT > Fix For: 8.3 > > Time Spent: 20m > Remaining Estimate: 0h > > Some [Identity Providers|https://en.wikipedia.org/wiki/Identity_provider] do > not expose all JWK keys used to sign access tokens through the main [JWKS > |https://auth0.com/docs/jwks] endpoint exposed through OIDC Discovery. For > instance Ping Federate can have multiple Token Providers, each exposing its > signing keys through separate JWKS endpoints. > To support these, the JWT plugin should optinally accept an array of URLs for > the {{jwkUrl}} configuration option. If an array is provided, then we'll > fetch all the JWKS and validate the JWT against all before we fail the > request. -- This message was sent by Atlassian Jira (v8.3.2#803003) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org