fix: include kid in jwks response

2026-03-03 21:32:03 +00:00 · 2026-03-03 22:45:24 +02:00
parent 189ad7115a
commit de980815ce
1 changed files with 12 additions and 0 deletions
--- a/internal/service/oidc_service.go
+++ b/internal/service/oidc_service.go
@@ -8,6 +8,7 @@ import (
 	"crypto/sha256"
 	"crypto/x509"
 	"database/sql"
+	"encoding/base64"
 	"encoding/json"
 	"encoding/pem"
 	"errors"
@@ -665,10 +666,21 @@ func (service *OIDCService) Cleanup() {
 }

 func (service *OIDCService) GetJWK() ([]byte, error) {
+	hasher := sha256.New()
+
+	der := x509.MarshalPKCS1PublicKey(&service.privateKey.PublicKey)
+
+	if der == nil {
+		return nil, errors.New("failed to marshal public key")
+	}
+
+	hasher.Write(der)
+
 	jwk := jose.JSONWebKey{
 		Key:       service.privateKey,
 		Algorithm: string(jose.RS256),
 		Use:       "sig",
+		KeyID:     base64.URLEncoding.EncodeToString(hasher.Sum(nil)),
 	}

 	return jwk.Public().MarshalJSON()