Support JWKS files #128

@mikerobe


To handle key rotation, from what I understand it's common to have a JSON Web Key Set (JWKS) file (related standard) that contains a collection of JSON Web Keys (represented as JSON dictionaries). Each of these keys in an array in the file has a key identifier (kid). The JWKS contains the public information for all of these keys.

When a token comes in to be validated, the process doing the validation extracts the kid from the token, finds the appropriate public key from the JWKS to use to perform the validation and then runs it, most likely storing a map in memory from kid to key.

JWKS files are supported by the commercial ngx_http_auth_jwt_module via the auth_jwt_key_file command, which points to the file containing the keys.

From what I can tell, the TeslaGov/ngx-http-auth-jwt-module can use a file but it refers to a single PEM key.

Is there any support for JWKS files or any plan to support it? I'm not sure how difficult that would be. It seems to be the standard format and allows for supporting multiple keys for validation (which enables key rotation without invalidating all the existing tokens).
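The kid-based key selection described in this issue, as an added example that is not part of the original issue and is not code from either nginx module. It assumes symmetric `oct` JWKs with HS256 so that it runs on the Python standard library alone (a JWKS of public keys would carry RSA or EC entries and use an asymmetric verify instead); the function names, kid values and secrets are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def load_jwks(jwks_text):
    """Build the in-memory kid -> key map from a JWKS document."""
    keys = {}
    for jwk in json.loads(jwks_text)["keys"]:
        # Skip entries this verifier cannot use (wrong type, no kid).
        if jwk.get("kty") == "oct" and jwk.get("alg") == "HS256" and "kid" in jwk:
            keys[jwk["kid"]] = b64url_decode(jwk["k"])
    return keys

def sign(kid, secret, claims):
    """Issuer side; used here only to construct sample tokens."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify(token, keys):
    """Pick the key named by the header's kid, then check the signature."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # The verifier fixes the algorithm; the token does not get to choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in keys:
        raise ValueError("unknown kid")
    expected = hmac.new(keys[kid], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))

# Constructed sample JWKS: two keys live at once during a rotation.
JWKS = json.dumps({"keys": [
    {"kty": "oct", "alg": "HS256", "kid": "old", "k": b64url_encode(b"constructed-old-secret")},
    {"kty": "oct", "alg": "HS256", "kid": "new", "k": b64url_encode(b"constructed-new-secret")},
]})
```

While both entries are in the set, tokens signed under either kid validate; dropping the `old` entry from the JWKS retires that key without touching tokens issued under `new`.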
