all repos — litestore @ cfff8efc518a25d5d9215485f2cabf951291c289

A minimalist nosql document store.

Documented jwks_uri property.
h3rald h3rald@h3rald.com
Sat, 06 Jan 2024 16:50:39 +0100
commit cfff8efc518a25d5d9215485f2cabf951291c289
parent f3fce4d3490719a140d22186d8d3cb8046dad6db

2 files changed, 16 insertions(+), 2 deletions(-)

M src/admin/md/auth.md

@@ -40,8 +40,13 @@ However, users with the **admin:wiki** scope will be able to access documents located under the /docs/wiki/ folder.

Finally, specify the public signature to be used to validate JWT tokens using the **signature** property. Typically, its value should be set to the first value of the [x.509 certificate chain](https://auth0.com/docs/tokens/reference/jwt/jwks-properties) specified in the [JSON Web Key Set](https://auth0.com/docs/jwks) of your API. +> %tip% +> signature vs. jwks_uri +> +> As of version 1.13.0, it is recommended to use the **jwks_uri** property in a LiteStore configuration file instead of the **signature** property. + To use this configuration at runtime, specify it through the **-\-auth** option, like this: `litestore -\-auth:auth.json` -Once enabled, LiteStore will return HTTP 401 error codes if an invalid token or no token is included in the HTTP Authorization header of the request accessing the resource or HTTP 403 error codes in case an authenticated user does not have a valid scope to access a specified resource.+Once enabled, LiteStore will return HTTP 401 error codes if an invalid token or no token is included in the HTTP Authorization header of the request accessing the resource or HTTP 403 error codes in case an authenticated user does not have a valid scope to access a specified resource.
M src/admin/md/configuration-file.md

@@ -101,4 +101,13 @@ * **allowed** — If set to **false**, LiteStore will return a [405 - Method not allowed](class:kwd) error code when accessing the resource with the specified method.

### signature -This section must be set to a valid certificate used validate JWT tokens. Note that the certificate must follow a specific format and start with the appropriate begin/end blocks.+This section must be set to a valid certificate used validate JWT tokens. Note that the certificate must follow a specific format and start with the appropriate begin/end blocks. + +### jwks_uri + +As of version 1.13.0, this property can be set to a URI pointing to a valid [JSON Web Key Sets](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets) file. If this property is specified, it will be used instead of **signature** to perform signature verification of JWKS tokens. + +> %note% +> How JWKS data is managed +> +> If this property is set, LiteStore will attempt to download the specified JWKS file on startup. This file will be catched to a *store-name*_jwks.json file (e.g. `data_jwks.json`) and its contents stored in memory.
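
Review bot: In src/admin/md/auth.md the new tip sits after the paragraph that still instructs the reader to set **signature**, and it recommends **jwks_uri** without saying why or where that property is documented. Consider placing the tip before that paragraph or rewording the paragraph, and linking to the jwks_uri section of the configuration file reference, which states that jwks_uri is used instead of signature when it is specified. The final -/+ pair on the "Once enabled, LiteStore will return HTTP 401 error codes..." line shows no visible text change; if it is only an end-of-file newline change, it is worth confirming that it is intended.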
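
Review bot: In src/admin/md/configuration-file.md the "How JWKS data is managed" note says the JWKS file is downloaded on startup and cached, but not whether it is ever refreshed while LiteStore is running, what happens if the download fails, or whether an existing *store-name*_jwks.json is reused in that case. Operators need this to plan for signing-key rotation, so a sentence on each point would help. Wording: "catched" should read "cached", "signature verification of JWKS tokens" should read "JWT tokens" (the JWKS is the key set, not the token), and the re-added signature paragraph still says "used validate" where "used to validate" is meant.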