Support signing and encryption key rotation #10

@tekul

The OP needs to be able to manage keys as defined in

http://openid.net/specs/openid-connect-core-1_0.html#RotateSigKeys

  • Configure a lifetime for key(s) and a grace period within which old keys are valid
  • Set a cache-control header on the jwks endpoint, based on the lifetime
  • Retain old keys internally for the grace period

An RP implementation should be able to use the same code.
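A sketch of the rotation schedule the three bullets describe, added here as an illustration and not taken from the issue or the project's code. `KeyRing`, `Key` and their methods are hypothetical names, the key material is random placeholder bytes rather than a real JWK, and setting `max-age` to the remaining signing lifetime of the newest key is an assumed policy.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Key:
    kid: str
    created: int
    material: bytes  # placeholder; a real OP would hold a private key / JWK here


@dataclass
class KeyRing:
    lifetime: int  # seconds a key is used for signing
    grace: int     # extra seconds a retired key stays valid for verification
    keys: list = field(default_factory=list)  # oldest first, newest last

    def rotate(self, now):
        """Drop keys past lifetime + grace, mint a new key if the newest expired."""
        self.keys = [k for k in self.keys
                     if now < k.created + self.lifetime + self.grace]
        if not self.keys or now >= self.keys[-1].created + self.lifetime:
            self.keys.append(Key(secrets.token_hex(8), now, secrets.token_bytes(32)))
        return self.keys[-1]  # the current signing key

    def published_kids(self, now):
        """kids to list at the jwks endpoint: current key plus keys still in grace."""
        self.rotate(now)
        return [k.kid for k in self.keys]

    def cache_control(self, now):
        """Header for the jwks endpoint; caches expire when the next key is due."""
        current = self.rotate(now)
        return f"public, max-age={current.created + self.lifetime - now}"

    def find(self, kid, now):
        """Verification lookup by kid; None once the key has left its grace period."""
        self.rotate(now)
        return next((k for k in self.keys if k.kid == kid), None)
```

An RP can hold the same structure for its own keys, or use `find` semantics on a fetched key set and refetch when a `kid` is unknown.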
