The JWKS (JSON Web Key Set) endpoint is required for secure token validation when using OpenID Connect (OIDC) authentication in the miniOrange OAuth plugin.
Why is it needed?
- Automatic Public Key Retrieval: The JWKS endpoint provides a set of public keys used to verify the digital signatures of JWT tokens issued by the identity provider.
- Enhanced Security: These keys ensure that only tokens signed by the authorized provider are accepted, which prevents tampering attacks and validates that the response is from an authentic provider.
- Seamless Authentication: If the identity provider rotates its keys, the plugin will automatically fetch the new keys from the JWKS endpoint, avoiding authentication failures.
How do I configure it?
- During the OpenID application configuration setup, navigate to advanced settings from the left nav bar and enter the JWKS endpoint URL provided by your identity provider in the Response Validation section.
- The plugin will use this endpoint to dynamically retrieve the provider's public keys and validate JWT tokens during each login attempt.
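The check described above, written out as an added example (it is not the plugin's own code): select the key by the token's `kid`, pin the algorithm to RS256, verify the signature, and refetch the key set once when an unknown `kid` suggests a rotation. The `fetch_jwks` callable and the `cache` dict are hypothetical names assumed for this sketch.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def rs256_ok(jwk, signing_input, sig):
    """RSASSA-PKCS1-v1_5 with SHA-256, checked against one RSA JWK."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    # Rebuild the expected encoded message and compare it whole, so no
    # lenient padding parser is involved.
    digest = hashlib.sha256(signing_input).digest()
    pad = b"\xff" * (k - 3 - len(SHA256_PREFIX) - len(digest))
    expected = b"\x00\x01" + pad + b"\x00" + SHA256_PREFIX + digest
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def verify_jwt(token, fetch_jwks, cache):
    """Return the claims if a key from the JWKS signed the token, else raise ValueError.

    fetch_jwks: hypothetical callable returning the parsed JWKS document
                (in a deployment, an HTTPS GET of the configured endpoint URL).
    cache:      dict mapping kid -> JWK, kept between logins.
    """
    h64, p64, s64 = token.split(".")           # wrong part count raises ValueError
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm; never let the token choose "none" or an HMAC alg.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    kid = header.get("kid")
    if kid not in cache:                        # unknown kid: keys may have rotated
        keys = fetch_jwks().get("keys", [])
        cache.clear()
        cache.update({j["kid"]: j for j in keys
                      if j.get("kty") == "RSA" and "kid" in j})
    if kid not in cache:
        raise ValueError("no key for kid")
    if not rs256_ok(cache[kid], f"{h64}.{p64}".encode(), b64url_decode(s64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))
```

This covers the signature only; the `iss`, `aud` and `exp` claims still have to be checked separately. A deployment would also rate-limit the refetch so that tokens carrying random `kid` values cannot trigger a request to the identity provider on every login.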