Can I perform OpenID Connect ID token validation without the full OIDC protocol with Quarkus? #40583
Replies: 2 comments 4 replies
/cc @pedroigor (oidc), @sberyozkin (oidc)
By default, Assuming the ID token is passed as
HTH
In our infrastructure, the services are behind an API Gateway that performs OIDC authentication. We want our services to be able to validate the ID token passed by the API Gateway again without them having to be OIDC clients, i.e. we do not want any OIDC redirect or active token retrieval to happen on behalf of the service.
For this to work, the services will have to retrieve the public JWKS from the ID provider, though, or they won't be able to validate the token signature.
How can this be achieved? Do I have to use plain quarkus-smallrye-jwt and implement the endpoint discovery and token validation myself?