- Issue created by @bob.hinrichs
Currently the jwks page only displays a single keyset. If you look at systems such as Canvas, you will see a jwks page with two keysets displayed.
The advantage of this is that when the keys are rotated, the key in the first position will move to the second position, and the "new" key will be placed in the first position. This maintains continuity in platforms being able to connect to the provider after the keys are rotated.
In a related ticket (linked here under related tickets), it is suggested to have a site-wide configuration for the keyset (rather than storing them in each consumer entity). If that change is made to this module, then it would be easy to add a second keyset to the configuration. Then the code to render the jwks would add the second keyset to the array to be rendered. Once this is in place, then key rotation for all of the consumers can be achieved by changing this configuration of the two keys.
This would require changes to the LTIToolProviderV1P3Jwks.
The final result looks something like:
{"keys":[[{"alg":"RS256","kty":"RSA","use":"sig","n":"sJOuOaypfB8s-gCxvqV3___ITzXEtajgdoo4uLgIYJnLZcj2eERWKXHZMtdVL2ftrBNQAawfHe3ig-dZlYPE5KfVwxwv9eKX2oQQLgXRellBsq1dzG-QkoEzd8LlSNi6IN6wuhwZrDsjE2DMSpzeD48MHG1h1uUHcbDQEePSvBGwwz5gFbSj9jvza5_9nkH-Zic6thKKWmOLDesKtMAc2QFYdXEU-ixbH_7d40nRuDSbB1sKdTUYrc2v8ccX3giDKg0oMAIHFYoua4rPi9VqEuY6aO-MPtXH8UPkBCksQsQyV8YXah9XZFHKbmpL4FTxtydhy6f5II2-ReRBTNKICw","e":"AQAB","kid":"940af0cc"}],[{"alg":"RS256","kty":"RSA","use":"sig","n":"ro9JCq9geFA8j6PZND8LZphUb092HbejvLR8zGAyOYXC7zc9r4jVewICoVpJeMEfuQciwWXgXfQoz3yNrJEkUZJowZh8_fF1_co9TJ6JDJPy20gWGqw9vtjYXAK5DR7EakiTA3rRXRviUybgFGKXM3z_DV0QYjYVzYttO-cmgQG_3yF8q04MiwXGwH0vSOIs1Rn6-s3ScnISMWi27nIRbRurXwFAZIrpBU6--k1dtv3i6338JgmbPyp2WO7X2wmN-968gkqxlOkBkKMDemKrkzbFJLACi9HuG2yGrIOnBU88Ts5icHFk9lxTdqiubF1OCwv7cpk_4skvssZCvG2G3Q","e":"AQAB","kid":"862254ed"}]]}
Active
2.0
Code
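The two-slot rotation described in the issue, as an added PHP example that is not code from the lti_tool_provider module: it renders a current and a previous RSA public key as one key set and shows that the pre-rotation `kid` is still published after rotating. The function names, the `current`/`previous` config layout and the `kid` derivation are assumptions; `keys` is emitted as a flat array of JWK objects, the shape RFC 7517 defines.

```php
<?php
// Added example, not the module's own code. Function names, the
// ['current', 'previous'] config layout and the kid scheme are assumptions.

function base64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Convert a PEM-encoded RSA public key into a JWK for signature verification.
function pem_to_jwk(string $pem): array {
    $key = openssl_pkey_get_public($pem);
    $details = $key ? openssl_pkey_get_details($key) : false;
    if (!$details || $details['type'] !== OPENSSL_KEYTYPE_RSA) {
        throw new InvalidArgumentException('Expected a PEM RSA public key');
    }
    $n = base64url($details['rsa']['n']);
    return [
        'alg' => 'RS256', 'kty' => 'RSA', 'use' => 'sig',
        'n' => $n,
        'e' => base64url($details['rsa']['e']),
        'kid' => substr(hash('sha256', $n), 0, 8), // assumed kid derivation
    ];
}

// Render the key set: current key first, previous key second (if present).
function build_jwks(array $config): array {
    $pems = array_filter([$config['current'], $config['previous'] ?? null]);
    return ['keys' => array_map('pem_to_jwk', array_values($pems))];
}

// Rotation: the current key moves to the second slot, the new key becomes first.
function rotate(array $config, string $newPem): array {
    return ['current' => $newPem, 'previous' => $config['current']];
}

// Constructed sample keys, generated locally for this demonstration only.
function new_public_pem(): string {
    $pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
    return openssl_pkey_get_details($pair)['key'];
}

$config = ['current' => new_public_pem(), 'previous' => null];
$oldKid = build_jwks($config)['keys'][0]['kid'];

$jwks = build_jwks(rotate($config, new_public_pem()));
$kids = array_column($jwks['keys'], 'kid');

// A platform holding a token signed before rotation still finds its key by kid.
var_dump(count($kids) === 2, $kids[1] === $oldKid);
echo json_encode($jwks, JSON_UNESCAPED_SLASHES), "\n";
```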