[
https://issues.apache.org/jira/browse/SOLR-13713?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926530#comment-16926530
]
ASF subversion and git services commented on SOLR-13713:
--------------------------------------------------------
Commit 4af601eb10cea9244800a296cc2fd578dd290774 in lucene-solr's branch
refs/heads/branch_8x from Jan Høydahl
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=4af601e ]
SOLR-13713: JWTAuthPlugin to support multiple JWKS endpoints
(cherry picked from commit 4599f6e9ee2a647c1d6861adfedb12e5cf74783d)
> JWTAuthPlugin to support multiple JWKS endpoints
> ------------------------------------------------
>
> Key: SOLR-13713
> URL: https://issues.apache.org/jira/browse/SOLR-13713
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 8.2
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Labels: JWT
> Fix For: 8.3
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Some [Identity Providers|https://en.wikipedia.org/wiki/Identity_provider] do
> not expose all JWK keys used to sign access tokens through the main [JWKS
> |https://auth0.com/docs/jwks] endpoint exposed through OIDC Discovery. For
> instance Ping Federate can have multiple Token Providers, each exposing its
> signing keys through separate JWKS endpoints.
> To support these, the JWT plugin should optinally accept an array of URLs for
> the {{jwkUrl}} configuration option. If an array is provided, then we'll
> fetch all the JWKS and validate the JWT against all before we fail the
> request.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
