JKU in JWT Header
-
Hi,
We have a 3rd party integration to whom we are sending our JWTs, they have prescribed they need the JKU populated in the JWT header for them to correctly verify the token. I seem to be struggling to find any documentation or mention of how or even if it is possible to configure the jku header in the JWT. Is there a way to get the jku header to be populated correctly?
FusionAuth
version 1.22.2 -
I'm sure the support guys will chime in shortly but you can modify the JWT information with lambdas. Here is the link...
-
We're already using that to populate claims details, but the documentation implies this is the JWT payload only and not the header
-
You cannot modify JWT headers with a lambda. I can update the documentation to make that clearer.
Please fee free to file an issue with your use case: https://github.com/fusionauth/fusionauth-issues/issues
Here's our general roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap/
-
I suppose one other option would be for you to have FusionAuth generate the JWT, then proxy the JWT, get the contents, add the JKU header, and then re-sign it. A brief googling indicates Kong can do this, maybe? https://docs.konghq.com/hub/kong-inc/jwt-signer/
I also updated the documentation to make current limitations clearer: https://github.com/FusionAuth/fusionauth-site/pull/575
Hope this helps.
-
Updated the JWT populate lambda doc to make it clear that headers aren't modifiable at the present time: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/