Add asymmetric JWT signing (#16010)

* Added asymmetric token signing. * Load signing key from settings. * Added optional kid parameter. * Updated documentation. * Add "kid" to token header.
2025-07-22 18:28:37 +00:00 · 2021-06-17 23:56:46 +02:00
parent f7cd394680
commit 29695cd6d5
13 changed files with 481 additions and 47 deletions
--- a/templates/user/auth/oidc_wellknown.tmpl
+++ b/templates/user/auth/oidc_wellknown.tmpl
@@ -2,11 +2,18 @@
    "issuer": "{{AppUrl | JSEscape | Safe}}",
    "authorization_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/authorize",
    "token_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/access_token",
+    "jwks_uri": "{{AppUrl | JSEscape | Safe}}login/oauth/keys",
    "userinfo_endpoint": "{{AppUrl | JSEscape | Safe}}login/oauth/userinfo",
    "response_types_supported": [
        "code",
        "id_token"
    ],
+    "id_token_signing_alg_values_supported": [
+        "{{.SigningKey.SigningMethod.Alg | JSEscape | Safe}}"
+    ],
+    "subject_types_supported": [
+        "public"
+    ],
    "scopes_supported": [
        "openid",
        "profile",