author: Teo Klestrup Röijezon <teo.roijezon@appva.com> 2021-02-05 12:01:38 +0100
committer: Teo Klestrup Röijezon <teo.roijezon@appva.com> 2021-02-05 12:01:38 +0100
commit: 91add59b9a68b4b47587a36c80efed37f9a584eb
tree: 1dd7a5ac40396b83494f19d61570062f374a6c9c
parent: 1a3d68be376729fccdeaeb8968a97c9bd12a74e5
Document JWKS support
-rw-r--r-- deps/rabbitmq_auth_backend_oauth2/README.md 16
1 files changed, 16 insertions, 0 deletions
diff --git a/deps/rabbitmq_auth_backend_oauth2/README.md b/deps/rabbitmq_auth_backend_oauth2/README.md
index d98d259779..8712e53260 100644
--- a/deps/rabbitmq_auth_backend_oauth2/README.md
+++ b/deps/rabbitmq_auth_backend_oauth2/README.md
@@ -122,6 +122,22 @@ If a symmetric key is used, the configuration will look like this:
].
```
+The key set can also be retrieved dynamically from a URL serving a [JWK Set](https://tools.ietf.org/html/rfc7517#section-5).
+In that case, the configuration will look like this:
+
+```erlang
+[
+ {rabbitmq_auth_backend_oauth2, [
+ {resource_server_id, <<"my_rabbit_server">>},
+ {key_config, [
+ {jwks_url, "https://my-jwt-issuer/jwks.json"}
+ ]}
+ ]},
+].
+```
+
+NOTE: `jwks_url` takes precedence over `signing_keys` if both are provided.
+
### Resource Server ID and Scope Prefixes
OAuth 2.0 (and thus UAA-provided) tokens use scopes to communicate what set of permissions particular
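Review bot: In the added `erlang` example, the plugin tuple closes with `]},` directly before the final `].`, and a trailing comma before the closing bracket is not valid Erlang term syntax, so anyone who copies the block gets a config file that fails to parse; drop the comma so the line reads `]}`. The NOTE that `jwks_url` takes precedence over `signing_keys` should also say what happens when the URL cannot be fetched, since a reader with both keys set cannot tell from this text whether `signing_keys` is used as a fallback or ignored. Because the keys fetched from `jwks_url` decide which token signatures are accepted, the paragraph should recommend an HTTPS URL with certificate verification and mention how often the key set is refreshed.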