You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The differences between using a JWK Set URI and a public key location present an interesting problem. We configure both using the same jws-algorithm property but only the former can potentially support multiple values when creating the JWT decoder.
Use of a JWS Set URI or a public key location is mutually exclusive and we'll only ever auto-configure one decoder. This means that we could change both to use the new jws-algorithms property. We'd then have to handle the case where multiple algorithms and a public key location have been configured. I've implemented a proposal for this in this branch. Flagging for team attention as I'd like to see if we're in agreement on this being a good idea…
See PR #31230 for background.
The text was updated successfully, but these errors were encountered: