Hello Greetings,
I’m using auth0.js library in my SPA.
I would like to know is it possible to set CORS origin for JWKS endpoint https://MY_AUTH0_DOMAIN/.well-known/jwks.json
If so where can I set the CORS origin of my application (eg: https://abc.com) for the JWKS endpoint so that only that application is able to make the call to the JWKS endpoint
Thanks in advance.
Regards
Noel
Hi @pnoel
What is the use case for this? The JSON web key set is designed to be publically consumed, why are you hiding it?
John
Thanks for your reply.
The use case was I wanted the JWKS endpoint to be called from my web application origin alone. and not to be called from another unknown web application origin to add an extra level of security.
So my understanding is there’s no way to set the CORS for JWKS endpoint since it’s designed that way.
Thank you for your clarification,
Noel
We are here for you!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.