Support JWT signing header key ID (kid)
znorris opened this issue · comments
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- This issue affects my Ory Cloud project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
Issue:
The most popular ruby gem for JWTs expects for incoming tokens to include a header with the key: "kid" and the value is the key ID of the signing JWK. Without that header key I'm unable to use the decode method successfully.
Describe your ideal solution
I'm hoping supporting this is as simple as creating a custom signer that adds the header.
var signerOpts = jose.SignerOptions{}
signerOpts.WithHeader("kid", someID)
Current signer: https://github.com/ory/cli/blob/master/cmd/cloud/proxy/common.go#L186
Workarounds or alternatives
The ruby lib in question doesn't appear to give me any way of specifying the key ID and is instead parsing the JWT head for it. I've been unable to find a workaround.
Version
v0.1.22
Additional Context
Version: v0.1.22
Git Hash: 93b27f5
Build Time: 2022-01-21T13:51:59Z
I'm not quite sure what happened to this commit over time but the KID doesn't appear to be a part of the JWT header any longer.