JWKS endpoint set CORS

pnoel · January 5, 2021, 10:55am

Hello Greetings,

I’m using auth0.js library in my SPA.

I would like to know is it possible to set CORS origin for JWKS endpoint https://MY_AUTH0_DOMAIN/.well-known/jwks.json

If so where can I set the CORS origin of my application (eg: https://abc.com) for the JWKS endpoint so that only that application is able to make the call to the JWKS endpoint

Thanks in advance.

Regards
Noel

john.gateley · January 5, 2021, 2:01pm

Hi @pnoel

What is the use case for this? The JSON web key set is designed to be publically consumed, why are you hiding it?

John

pnoel · January 6, 2021, 7:10am

Hi @john.gateley

Thanks for your reply.

The use case was I wanted the JWKS endpoint to be called from my web application origin alone. and not to be called from another unknown web application origin to add an extra level of security.

So my understanding is there’s no way to set the CORS for JWKS endpoint since it’s designed that way.

Thank you for your clarification,

Noel

konrad.sopala · January 7, 2021, 3:44pm

We are here for you!

system · January 22, 2021, 3:44pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Jwks.json CORS issue Help auth0js , login , cors	2	4968	March 2, 2018
No 'Access-Control-Allow-Origin' header is present on the requested resource Help cors	33	14693	January 28, 2021
Regression: The .well-known/jwks.json file throws 502 Bad Gateway Help auth0	5	3666	February 4, 2021
"Unknown Host" message when trying to access jwks endpoint Help apis , application	2	476	March 14, 2024
Basic question about JWKS URL Help login-experience , new-universal-login-experience	4	539	July 30, 2024

JWKS endpoint set CORS

Related topics