Jan Høydahl created SOLR-13713:
----------------------------------

             Summary: JWTAuthPlugin to support multiple JWKS endpoints
                 Key: SOLR-13713
                 URL: https://issues.apache.org/jira/browse/SOLR-13713
             Project: Solr
          Issue Type: Improvement
      Security Level: Public (Default Security Level. Issues are Public)
          Components: security
    Affects Versions: 8.2
            Reporter: Jan Høydahl
            Assignee: Jan Høydahl


Some [Identity Providers|https://en.wikipedia.org/wiki/Identity_provider] do 
not expose all JWK keys used to sign access tokens through the main [JWKS 
|https://auth0.com/docs/jwks] endpoint exposed through OIDC Discovery. For 
instance Ping Federate can have multiple Token Providers, each exposing its 
signing keys through separate JWKS endpoints. 

To support these, the JWT plugin should optinally accept an array of URLs for 
the {{jwkUrl}} configuration option. If an array is provided, then we'll fetch 
all the JWKS and validate the JWT against all before we fail the request.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to