Create your own JWKS endpoint supporting both ECC and RSA algorithms

Federico Preli
6 min read · Jan 2, 2023

TL;DR

A JSON Web Key Set (JWKS) endpoint is a read-only endpoint that publishes public key information in the JWKS format. The public keys are the counterparts of the private keys used to sign the tokens.

This article shares a snippet of code exposing an endpoint that satisfies some of the most common use cases around a JWKS service:

  • Generate a private/public key pair used to sign a JWT
  • JWKS: Expose the public “part” of the generated key
  • Generate and return a JWT signed with the private key
  • Validate a given token against a public key

Note: Do you want to start playing around and create your own “customization”? Here, you can find the GitHub repo.

Context

Ok, I know what you are thinking: “What’s the difference between this article and the many others already available?”.
The answer is the Elliptic Curve Cryptography (ECC) algorithm.

During the last couple of weeks, I spent a lot of time looking for documentation and/or examples of services that generate and verify a signed JWT and, while I ran into several snippets of endpoints using the RSA algorithm to sign…


Federico Preli

Cloud Consultant @ Google. Working in the cloud industry.