Hi there - I am using
in conjunction with
on an express server to validate incoming JWTs using the kid passed in the JWT header and a jwks uri. That works fine when the jwks uri is hardcoded (via environment var or magic string), I can demonstrate that valid JWTs and various flavors of invalid (malformed, expired, from a different provider) JWT are handled appropriately.
However, my target use case is to have the jwks uri determined dynamically with information derived from the JWT and the request the JWT is attached to.
express-jwt#Params#secret can be a jwt.Secret or a GetVerificationKey with GetVerificationKey being a callback function. However, jwks-rsa#expressJwtSecret’s Options object specifies that jwksUri is a string - which leads me to believe that I can’t use jwks-rsa#expressJwtSecret for my use case, but I was able to use jwks-rsa#jwksClient to build out my own GetVerificationKey to use.
That being said, I’m pretty new to node and express - so I’m not sure if I’m missing something that will let me use the expressJwtSecret function for my case.
Let me know if more info is needed, and thank you!