[
https://issues.apache.org/jira/browse/SOLR-13713?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl resolved SOLR-13713.
--------------------------------
Resolution: Fixed
> JWTAuthPlugin to support multiple JWKS endpoints
> ------------------------------------------------
>
> Key: SOLR-13713
> URL: https://issues.apache.org/jira/browse/SOLR-13713
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 8.2
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Labels: JWT
> Fix For: 8.3
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Some [Identity Providers|https://en.wikipedia.org/wiki/Identity_provider] do
> not expose all JWK keys used to sign access tokens through the main [JWKS
> |https://auth0.com/docs/jwks] endpoint exposed through OIDC Discovery. For
> instance Ping Federate can have multiple Token Providers, each exposing its
> signing keys through separate JWKS endpoints.
> To support these, the JWT plugin should optinally accept an array of URLs for
> the {{jwkUrl}} configuration option. If an array is provided, then we'll
> fetch all the JWKS and validate the JWT against all before we fail the
> request.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
