JKU in JWT Header
We have a 3rd party integration to whom we are sending our JWTs, they have prescribed they need the JKU populated in the JWT header for them to correctly verify the token. I seem to be struggling to find any documentation or mention of how or even if it is possible to configure the jku header in the JWT. Is there a way to get the jku header to be populated correctly?
version 1.22.2
I'm sure the support guys will chime in shortly but you can modify the JWT information with lambdas. Here is the link...
We're already using that to populate claims details, but the documentation implies this is the JWT payload only and not the header
You cannot modify JWT headers with a lambda. I can update the documentation to make that clearer.
Please fee free to file an issue with your use case: https://github.com/fusionauth/fusionauth-issues/issues
Here's our general roadmap guidance: https://fusionauth.io/docs/v1/tech/core-concepts/roadmap/
I suppose one other option would be for you to have FusionAuth generate the JWT, then proxy the JWT, get the contents, add the JKU header, and then re-sign it. A brief googling indicates Kong can do this, maybe? https://docs.konghq.com/hub/kong-inc/jwt-signer/
I also updated the documentation to make current limitations clearer: https://github.com/FusionAuth/fusionauth-site/pull/575
Hope this helps.
Updated the JWT populate lambda doc to make it clear that headers aren't modifiable at the present time: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/