author | Teo Klestrup Röijezon <teo.roijezon@appva.com> | 2021-02-05 12:01:38 +0100 |
---|---|---|
committer | Teo Klestrup Röijezon <teo.roijezon@appva.com> | 2021-02-05 12:01:38 +0100 |
commit | 91add59b9a68b4b47587a36c80efed37f9a584eb (patch) | |
tree | 1dd7a5ac40396b83494f19d61570062f374a6c9c | |
parent | 1a3d68be376729fccdeaeb8968a97c9bd12a74e5 (diff) | |
download | rabbitmq-server-git-91add59b9a68b4b47587a36c80efed37f9a584eb.tar.gz |
Document JWKS support
-rw-r--r-- | deps/rabbitmq_auth_backend_oauth2/README.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/deps/rabbitmq_auth_backend_oauth2/README.md b/deps/rabbitmq_auth_backend_oauth2/README.md index d98d259779..8712e53260 100644 --- a/deps/rabbitmq_auth_backend_oauth2/README.md +++ b/deps/rabbitmq_auth_backend_oauth2/README.md @@ -122,6 +122,22 @@ If a symmetric key is used, the configuration will look like this: ]. ``` +The key set can also be retrieved dynamically from a URL serving a [JWK Set](https://tools.ietf.org/html/rfc7517#section-5). +In that case, the configuration will look like this: + +```erlang +[ + {rabbitmq_auth_backend_oauth2, [ + {resource_server_id, <<"my_rabbit_server">>}, + {key_config, [ + {jwks_url, "https://my-jwt-issuer/jwks.json"} + ]} + ]}, +]. +``` + +NOTE: `jwks_url` takes precedence over `signing_keys` if both are provided. + ### Resource Server ID and Scope Prefixes OAuth 2.0 (and thus UAA-provided) tokens use scopes to communicate what set of permissions particular |
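Review bot: The added Erlang example will not parse as written. The outer list ends with `]},` followed directly by `].`, and Erlang term files do not allow a trailing comma before the closing bracket, so anyone copying the snippet into `advanced.config` gets a syntax error; drop the comma after the `rabbitmq_auth_backend_oauth2` tuple. The NOTE on precedence also deserves one more sentence: since `jwks_url` silently overrides `signing_keys`, an operator who pinned static keys and later adds a URL moves the trust root to whatever that endpoint serves, and the text should say whether the static keys are ignored entirely or kept as a fallback. Because the fetched key set decides which tokens are accepted, the README should also state how the HTTPS connection to `jwks_url` is verified (peer certificate and hostname checks, CA configuration) and how often the set is refreshed; none of that is covered in the added lines.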