Add support for JWK (RFC7517)

[lggomez]

Migrated from dgrijalva/jwt-go#249:

dgrijalva commented on Mar 8, 2018

How far down the rabbit hole should we go with this?

See the issue thread for more details

[lggomez]

This is a very large undertaking in the scope of this package IMO (as it has way more responsibilities including performing HTTP requests). Should we decide to implement this, I believe it should be done in a separate package using this one

[MicahParks]

I wrote a package for creating a jwt.Keyfunc. It's github.com/MicahParks/keyfunc.

This package does not create a JSON Web Key set (JWKs). It's only used for validating JWTs signed by a JSON Web Keys in the set. It can optionally grab and automatically refresh the JWKs via HTTP with a couple configuration options.

It's currently a separate package that supports a few github.com/dgrijalva/jwt-go forks including this one. Each fork must be explicitly supported as the signature of jwt.Keyfunc contains an argument that is a Go struct, *jwt.Token, not an interface implementation.

type Keyfunc func(*Token) (interface{}, error)

I'd be happy to contribute a modification of my keyfunc package to this repository, if requested. This would not bring the repository to fully supporting JWKs though, as I don't believe it has the ability to create one.

Here's the example from the original issue.

[greatcat-taihe]

It's useful parse apple sign in token.

[AlexanderYastrebov]

It would be interesting to support JWKs url file as a key in the jwt tool.