How to support Key Rotation in NestJs? | NestJS | Page 1

subtle perch Dec 23, 2024, 4:48 PM

#

Hi, I am working on the project that has one resource server and multiple other server. I want to authenticate using JWT(RS256). I want to support key rotation in the resource server ( planned to expose jwks on an endpoint ). How can I do it?, Thanks.

haughty orchid Dec 23, 2024, 4:51 PM

#

Pretty sure the jsonwebtoken package that @nestjs/jwt uses under the hood supports jwks by default

#

Or here's a StackOverflow question that has two answers to it that look promising

subtle perch Dec 23, 2024, 5:25 PM

#

Thanks,
Sorry I think the package doesn't have one(https://github.com/auth0/node-jsonwebtoken). But even though i use some other package like https://www.npmjs.com/package/rsa-pem-to-jwk, how can i maintain 2 keys ( current and future ) and expose it to other servers ?, Thanks.

GitHub

GitHub - auth0/node-jsonwebtoken: JsonWebToken implementation for n...

JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html - auth0/node-jsonwebtoken

npm

rsa-pem-to-jwk

Converts PEM encoded RSA public and private keys to the JWK (JSON Web Key) format.. Latest version: 1.1.3, last published: 10 years ago. Start using rsa-pem-to-jwk in your project by running npm i rsa-pem-to-jwk. There are 23 other projects in the npm registry using rsa-pem-to-jwk.

frail hare Jan 6, 2025, 8:18 AM

#

@subtle perch when you are using openid connect, you can use the jwk_uri where you can offer multiple keys that can be used. It is important that you are using a jti in your key, so you know which key should be used when verifying the signature (it should be the kid in the JWT)

#How to support Key Rotation in NestJs?