Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
2.0k views
in Technique[技术] by (71.8m points)

PHP/Laravel: How to validate JWT token issued by external Authentication server by providing link to it's openid-configuration

I'm implementing OIDC authentication functionality with

  1. Existing common authentication server
  2. SPA for clients
  3. Resource server (My application API)

A user goes to SPA and obtains JWT token. Then SPA should call an API attaching JWT and my API should check that this JWT token was provided by the authentication server.

Technically, to validate JWT I need my API to get Public Key from authentication server, store it somewhere and be able to refresh it. It can be implemented manually, however, there should be a library to automate these actions.

In my vision a should provide a URI to issuer in config (https://{authentication server}), then API should call {authentication server}/.well-known/openid-configuration, read path to JWKS (.well-known/openid-configuration/jwks), upload them and refresh before it is expired.

I know such libraries exist for Node (https://www.npmjs.com/package/jwks-rsa) and .NET, but could not find such for PHP, especially with integrations with Laravel and this looks strange for me.

All I've hound is only methods to parse those codes, but there is no automation https://github.com/firebase/php-jwt#using-jwks


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
等待大神答复

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...