You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is common for auth providers to use multiple private keys, each with its own public key. At a minimum, Auth0 and AWS Cognito follow this practice. I suspect that this is common to enable zero-downtime key rotation. This is also a core part of the JWKS format (RFC-7517), which contains a set of JWKs.
The only option for configuring external authentication on the Triplet server is via the TRIPLIT_EXTERNAL_JWT_SECRET env variable, which accepts a single JWK as described in #345. This makes it impossible to use Triplit many auth providers in a production setup. Is there a workaround to pass multiple JWKs, or a JWKS, to the Triplit server?
The text was updated successfully, but these errors were encountered:
It is common for auth providers to use multiple private keys, each with its own public key. At a minimum, Auth0 and AWS Cognito follow this practice. I suspect that this is common to enable zero-downtime key rotation. This is also a core part of the JWKS format (RFC-7517), which contains a set of JWKs.
The only option for configuring external authentication on the Triplet server is via the
TRIPLIT_EXTERNAL_JWT_SECRETenv variable, which accepts a single JWK as described in #345. This makes it impossible to use Triplit many auth providers in a production setup. Is there a workaround to pass multiple JWKs, or a JWKS, to the Triplit server?The text was updated successfully, but these errors were encountered: