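plugin :rodauth do
  enable :oauth_jwt, :oauth_jwt_jwks
  # Private keys used to sign JWTs, keyed by algorithm.
  # Passed as an argument: `name { "RS256" => ... }` would parse the braces as a block and fail.
  oauth_jwt_keys("RS256" => [OpenSSL::PKey.read(File.read('/path/to/private.pem'))])
  # Matching public keys, keyed by algorithm; /jwks publishes these with use "sig".
  oauth_jwt_public_keys("RS256" => [OpenSSL::PKey.read(File.read('/path/to/public.pem'))])
end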
Requires the :oauth_jwt_jwks feature to be enabled.
The /jwks endpoint exposes the auth provider's public keys in the JWKs format. Resource servers and client applications use them to verify signed JWT tokens, and publishing them this way facilitates public key rotation.
The key set comprises the keys declared in oauth_jwt_public_keys ("sig") and oauth_jwt_jwe_public_keys ("enc").
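To make the shape of such a key set concrete, the following added example (not rodauth-oauth's own code) builds a JWKS from RSA keys with the "sig" and "enc" uses described above and checks that no private key members appear in it. The helper names, the "RSA-OAEP" label, the algorithm-keyed shape of the encryption keys, and the thumbprint-based kid are assumptions; the keys are generated in place as constructed samples.

```ruby
require "openssl"
require "base64"
require "json"
require "digest"

# Private JWK members (RFC 7518); none of these may appear in a published JWKS.
PRIVATE_JWK_MEMBERS = %w[d p q dp dq qi oth k].freeze

def b64u(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Build a public-only JWK. Only n and e are read, so passing a private
# key object by mistake still yields public material only.
def rsa_public_jwk(key, use:, alg:)
  jwk = { "kty" => "RSA", "n" => b64u(key.n.to_s(2)), "e" => b64u(key.e.to_s(2)) }
  # kid (assumed scheme): RFC 7638 thumbprint, SHA-256 over the required
  # members serialized in lexicographic order without whitespace.
  canonical = JSON.generate({ "e" => jwk["e"], "kty" => "RSA", "n" => jwk["n"] })
  jwk.merge("use" => use, "alg" => alg, "kid" => b64u(Digest::SHA256.digest(canonical)))
end

# sig_keys / enc_keys: { "ALG" => [keys] }, the shape used in the config above.
def build_jwks(sig_keys: {}, enc_keys: {})
  sig = sig_keys.flat_map { |alg, ks| ks.map { |k| rsa_public_jwk(k, use: "sig", alg: alg) } }
  enc = enc_keys.flat_map { |alg, ks| ks.map { |k| rsa_public_jwk(k, use: "enc", alg: alg) } }
  { "keys" => sig + enc }
end

# Names of private members found anywhere in a JWKS document (empty when safe).
def leaked_private_members(jwks)
  jwks.fetch("keys").flat_map { |jwk| jwk.keys & PRIVATE_JWK_MEMBERS }.uniq
end

# Constructed sample keys, generated here so the example runs offline.
SIG_KEY = OpenSSL::PKey::RSA.new(2048)
ENC_KEY = OpenSSL::PKey::RSA.new(2048)
JWKS = build_jwks(sig_keys: { "RS256" => [SIG_KEY] },
                  enc_keys: { "RSA-OAEP" => [ENC_KEY] })

puts JSON.pretty_generate(JWKS)
puts "private members leaked: #{leaked_private_members(JWKS).inspect}"
```

The same leak check can be run against the parsed body of a deployed /jwks response as a deployment test.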