Support JWT signing header key ID (kid)

Question

Support JWT signing header key ID (kid)

znorris opened this issue 3 years ago · comments

Zach Norris commented 3 years ago

Preflight checklist

I could not find a solution in the existing issues, docs, nor discussions.
I agree to follow this project's Code of Conduct.
I have read and am following this repository's Contribution Guidelines.
This issue affects my Ory Cloud project.
I have joined the Ory Community Slack.
I am signed up to the Ory Security Patch Newsletter.

Describe your problem

Issue:

The most popular ruby gem for JWTs expects for incoming tokens to include a header with the key: "kid" and the value is the key ID of the signing JWK. Without that header key I'm unable to use the decode method successfully.

Describe your ideal solution

I'm hoping supporting this is as simple as creating a custom signer that adds the header.

var signerOpts = jose.SignerOptions{}
signerOpts.WithHeader("kid", someID)

Current signer: https://github.com/ory/cli/blob/master/cmd/cloud/proxy/common.go#L186

Workarounds or alternatives

The ruby lib in question doesn't appear to give me any way of specifying the key ID and is instead parsing the JWT head for it. I've been unable to find a workaround.

Version

v0.1.22

Additional Context

Version: v0.1.22
Git Hash: 93b27f5
Build Time: 2022-01-21T13:51:59Z

Zach Norris · Answer 1 · Fri Sep 02 2022 11:45:06 GMT+0800 (China Standard Time)

I'm not quite sure what happened to this commit over time but the KID doesn't appear to be a part of the JWT header any longer.