Fall back to jwks_url if no jwks_uri found in configuration #21

Merged
merged 1 commit into from
Aug 7, 2024

joakimnordling
Contributor

- Use `jwks_url` as a fallback if the `jwks_uri` is not defined in the configuration. This makes it possible to use a broader selection of JWT providers.
- `OpenIDConfigurationTypeDef` was removed, you can use `ConfigurationTypeDef` instead.
- Security updates to libraries (aiohttp, idna, cryptography).
- Updated pre-commit hooks.
- Improvements to README.
Contributor

@lietu lietu left a comment

I might've prioritized jwks_url over jwks_uri because a URL is by definition going to be more likely to be accessible, whereas a URI can be pretty much anything. It's very unlikely, however, that someone has both properties and that the URL is in practice accessible while the URI is not.

@joakimnordling
Contributor Author

The /.well-known/openid-configuration uses jwks_uri and is likely the most used configuration for this library; it's what the library was made for and the default configuration it fetches. Thus defaulting to jwks_uri makes sense to me. The library has been around for over 3 years and our internal need is now the first request to add support for jwks_url at all.

I do agree on the semantics of a URL vs. a URI, but we can't change what's used in /.well-known/openid-configuration, so I still think the practical use cases dictate what should be the primary one. In the rare case where someone would have both jwks_uri and jwks_url, I also prefer the library to be backwards compatible and work the way it used to rather than changing how it works. That being said, I hope nobody relies on it, and as the library is still in versions 0.x.y this could change in a later release if we see a need for it.

@joakimnordling joakimnordling merged commit 68dfb5f into main Aug 7, 2024
4 checks passed
@joakimnordling joakimnordling deleted the feature/jwks-url branch August 7, 2024 08:44
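
The precedence discussed in this thread, as an added example that is not the library's own code: `jwks_uri` is read first and `jwks_url` only when it is absent. The function and exception names, the sample configurations, and the requirement that the location be an absolute https URL are assumptions of this example.

```python
from urllib.parse import urlsplit

# Key order encodes the precedence argued for in the thread: the OpenID
# discovery name first, the alternative spelling only as a fallback.
JWKS_KEYS = ("jwks_uri", "jwks_url")


class JWKSLocationError(ValueError):
    """The configuration has no usable JWKS location."""


def resolve_jwks_location(config: dict) -> tuple[str, str]:
    """Return (key_used, location) for the first JWKS key present in config.

    Assumption of this example: the location must be an absolute https URL
    with a host, since a URI could also be urn:, file:, data: and so on.
    """
    for key in JWKS_KEYS:
        value = config.get(key)
        if value is None:
            continue
        if not isinstance(value, str) or not value.strip():
            raise JWKSLocationError(f"{key} is present but empty or not a string")
        parts = urlsplit(value.strip())
        if parts.scheme.lower() != "https" or not parts.hostname:
            raise JWKSLocationError(f"{key} is not an absolute https URL: {value!r}")
        # The first key present wins; it is not skipped in favour of the
        # other key when it fails validation, so a bad jwks_uri is an error.
        return key, value.strip()
    raise JWKSLocationError("configuration has neither jwks_uri nor jwks_url")


# Constructed sample configurations (not taken from any real provider).
DISCOVERY = {"issuer": "https://idp.example", "jwks_uri": "https://idp.example/jwks"}
URL_ONLY = {"jwks_url": "https://keys.example/.well-known/jwks.json"}
BOTH = {"jwks_uri": "https://a.example/jwks", "jwks_url": "https://b.example/jwks"}
NOT_A_URL = {"jwks_uri": "urn:example:keys", "jwks_url": "https://b.example/jwks"}

if __name__ == "__main__":
    for cfg in (DISCOVERY, URL_ONLY, BOTH, NOT_A_URL):
        try:
            print(resolve_jwks_location(cfg))
        except JWKSLocationError as exc:
            print("rejected:", exc)
```

Failing closed on an invalid `jwks_uri`, rather than silently moving on to `jwks_url`, keeps a misconfiguration visible instead of changing which key set is trusted.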