[PP-1] Provide automated key rotation

Created on 19 April 2019, over 6 years ago
Updated 14 July 2025, about 1 month ago

Problem/Motivation

I'm not sure if this should be provided as part of this module or perhaps a related sub-module that alters functionality introduced in #2924832 →

As far as I can tell, right now, this module provides the ability to generate keys, but doesn't provide any automated key rotation.

It might be preferable to provide some automated key rotation similar to ...
https://git.drupalcode.org/project/oauth2_server/blob/8.x-1.x/oauth2_ser...

The kid should probably be added to the id_token at this stage too.

Proposed resolution

Refactor and create a cron hook that allows keys to be rotated automatically.

Remaining tasks

TBD

User interface changes

TBD - Possible changes to capabilities introduced in #2924832

API changes

TBD

Data model changes

TBD - Probably none.

Release notes snippet

TBD

✨ Feature request
Status

Postponed

Version

6.0

Component

Code

Created by

🇺🇸 United States matt_paz


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • 🇪🇸 Spain rodrigoaguilera Barcelona

    In the context of OpenID Connect, when using RS256, a "kid" is required on the JWKS endpoint and in the header of the token.

    If you try to pass the playground test with simple_oauth and this patch https://git.drupalcode.org/project/simple_oauth/-/merge_requests/171
    it will complain about the "kid" being missing.
    https://openidconnect.net/

    So the same kid needs to be in the JWKS endpoint and in the OpenIdConnectIdTokenResponse. I added one line there:

        // Add required id_token claims.
        $builder = $this->getBuilder($accessToken, $userEntity);

        $builder = $builder->withHeader('kid', 'singlekey');

    And I was able to go through all the steps in the playground
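
An added example, not part of this thread or of simple_oauth's code: with key rotation, a fixed kid cannot tell the old key from the new one, so this sketch derives the kid from the public key as an RFC 7638 thumbprint. A token signed before rotation verifies while both keys are published and is rejected once the old key is retired. All function names are hypothetical, the key pairs are constructed on the fly, and PHP's openssl extension is assumed.

```php
<?php
// Added example; helper names are hypothetical, not simple_oauth APIs.
function b64url(string $bin): string {
  return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
// Public JWK whose kid is the RFC 7638 SHA-256 thumbprint of the key.
function rsa_public_jwk(string $publicPem): array {
  $rsa = openssl_pkey_get_details(openssl_pkey_get_public($publicPem))['rsa'];
  // Thumbprint input: required members only, in lexicographic order.
  $required = ['e' => b64url($rsa['e']), 'kty' => 'RSA', 'n' => b64url($rsa['n'])];
  $kid = b64url(hash('sha256', json_encode($required), TRUE));
  return $required + ['kid' => $kid, 'use' => 'sig', 'alg' => 'RS256'];
}
// Signs claims with RS256; the header names the key that signed the token.
function sign_id_token(array $claims, string $privatePem, string $kid): string {
  $header = ['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $kid];
  $input = b64url(json_encode($header)) . '.' . b64url(json_encode($claims));
  openssl_sign($input, $signature, $privatePem, OPENSSL_ALGO_SHA256);
  return $input . '.' . b64url($signature);
}

// Verifies against the published keys ($keys maps kid => public PEM).
function verify_id_token(string $jwt, array $keys): bool {
  [$h, $p, $s] = array_pad(explode('.', $jwt, 3), 3, '');
  $header = json_decode(base64_decode(strtr($h, '-_', '+/')), TRUE);
  $kid = $header['kid'] ?? '';
  // Reject an unexpected alg or a kid that is not currently published.
  if (($header['alg'] ?? '') !== 'RS256' || !isset($keys[$kid])) {
    return FALSE;
  }
  $sig = base64_decode(strtr($s, '-_', '+/'));
  return openssl_verify("$h.$p", $sig, $keys[$kid], OPENSSL_ALGO_SHA256) === 1;
}
// Generates a constructed 2048-bit RSA pair: [private PEM, public PEM].
function new_key_pair(): array {
  $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
  openssl_pkey_export($key, $privatePem);
  return [$privatePem, openssl_pkey_get_details($key)['key']];
}

// Constructed rotation: token signed before rotation, checked during and after the overlap.
[$oldPriv, $oldPub] = new_key_pair();
[, $newPub] = new_key_pair();
[$old, $new] = array_map('rsa_public_jwk', [$oldPub, $newPub]);
$token = sign_id_token(['sub' => '42'], $oldPriv, $old['kid']);
$published = [$old['kid'] => $oldPub, $new['kid'] => $newPub];
var_dump(verify_id_token($token, $published)); // Both keys published.
unset($published[$old['kid']]);
var_dump(verify_id_token($token, $published)); // Old key retired.
```

The overlap window should last at least as long as the longest-lived token signed with the outgoing key.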
