rogerweb
Verifying JWTs with JWKS URL from the token
Hi,
I have a single-tenant application that receives requests from users containing an access token they get from AWS Cognito. I use Joken to verify the token with the help of Joken JWKS hook to fetch the public keys from a URL. The single static URL is is part of my application configuration.
Now the problem: I need to turn my application into multi-tenant, hence it will have to verify tokens from different Cognito’s user pools, which means different JWKS URLs. Instead of only one statically configured URL, each token will bring it in its “iss” claim.
The DefaultStrategyTemplate doesn’t seem to support this dynamic approach, so I’m wondering if there is an alternative or if I’ll have to code it myself. In the latter case, would it be an implementation of the JokenJwks.SignerMatchstrategy behavior or an entire Joken.Hooks?
Regards,
Roger
Most Liked
olivermt
I’d go with number two ![]()
Or make my own variant of jwks maybe, using their code but adjusting it for being more on-demand/multiplexed.
I guess spinning it up dynamically based on iss and pruning after X hours/days with housekeeping in a genserver/supervisor is a good way too (your number two basically).
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









