JSON Web Key Set (JWKS) Support #1435
Description
For machine-to-machine API calls where open-balena is added to an existing cloud environment that has an existing JWK/JWT based auth service, it would be great to for open-balena-api to support a JWKS URI config option.
Looks like the easiest way to do this is to swap the https://www.npmjs.com/package/passport-jwt package for something like https://github.com/auth0/node-jwks-rsa/blob/master/examples/passport-demo/README.md (although, that has been replaced with https://auth0.com/blog/auth0-s-express-openid-connect-sdk/ ) ... so, maybe it is time to make the passport auth mechanism pluggable.
In the meantime, I'll try just swapping out parts of src/infra/auth through a volume mount.