
Add JWKS endpoint for one login#2181

Open
stephencdaly wants to merge 3 commits into
mainfrom
add-jwks-endpoint-for-one-login

Conversation


@stephencdaly stephencdaly commented Jun 25, 2026

Contributor

What problem does this pull request solve?

Trello card: https://trello.com/c/qwLQt9Ur

Add a publicly accessible endpoint that returns a JSON Web Key Set (JWKS) to share our public key with GOV.UK One Login.

I've tested that this works on the dev environment.

Things to consider when reviewing

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Do the end to end tests need updating before these changes will pass?
  • Has all relevant documentation been updated?

As part of the omniauth initializer, resolve the public key from the
private key and convert it to JWK format. Store this on the
application config so that we can retrieve it later when we need to
serve it from the JWKS endpoint.

Set the JWK kid on the omniauth configuration so it is sent with
requests to One Login.

Add a publicly accessible endpoint that returns a JSON Web Key Set
(JWKS) to share our public key with GOV.UK One Login.

The kid is used to identify individual keys returned by the JWKS
endpoint. As per the documentation for the gem
(https://github.com/jwt/ruby-jwt) we can use the standardised JWK
thumbprint as the kid for the JWK rather than the legacy custom
approach the gem uses by default.
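As an added illustration, not code from this PR or from the project it belongs to, the stand-alone Ruby script below walks through the mechanics the commit messages describe: deriving the public key from the private key, computing the standardised RFC 7638 JWK thumbprint and using it as the kid, assembling the JWKS document the endpoint would serve, and, on the consumer side, selecting a key by kid. It uses only the Ruby standard library and reimplements the thumbprint rather than calling ruby-jwt's thumbprint kid generator, so it runs without the gem. The RSA key is generated fresh as a constructed sample, and the `use` and `alg` members are assumptions about what a signing JWKS would carry, not values taken from the PR.

```ruby
require "openssl"
require "json"
require "base64"
require "digest"

# Constructed sample key: a fresh 2048-bit RSA key generated on each run.
# It stands in for the private signing key the application holds; the
# JWKS endpoint must only ever publish the public half.
PRIVATE_KEY = OpenSSL::PKey::RSA.new(2048)

# base64url without padding, as JWK and JWS require (RFC 7515 section 2).
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Unsigned big-endian bytes of an OpenSSL::BN, the form JWK "n" and "e" use.
def bn_to_bytes(bn)
  bn.to_s(2)
end

# RFC 7638 JWK thumbprint: SHA-256 over the JSON of only the required
# members ("e", "kty", "n" for RSA) in lexicographic order, no whitespace.
# JSON.generate on a hash built in that order emits exactly that form, so
# optional members such as "use" or "alg" never change the kid.
def rsa_jwk_thumbprint(public_key)
  canonical = JSON.generate(
    "e" => b64url(bn_to_bytes(public_key.e)),
    "kty" => "RSA",
    "n" => b64url(bn_to_bytes(public_key.n))
  )
  b64url(Digest::SHA256.digest(canonical))
end

# Public JWK derived from the private key, with the thumbprint as kid.
# Only public members are emitted; d, p, q and the CRT values never appear.
# "use" and "alg" are assumed values for a signing key (not from the PR).
def public_jwk(private_key)
  pub = private_key.public_key
  {
    "kty" => "RSA",
    "use" => "sig",
    "alg" => "RS256",
    "kid" => rsa_jwk_thumbprint(pub),
    "n" => b64url(bn_to_bytes(pub.n)),
    "e" => b64url(bn_to_bytes(pub.e))
  }
end

# The document a JWKS endpoint serves as application/json.
def jwks_document(private_key)
  { "keys" => [public_jwk(private_key)] }
end

# Relying-party side: select the key named by a token header's kid.
# Returns nil when nothing matches; the caller must treat that as
# "cannot verify", never as "fall back to the first key".
def find_key(jwks, kid)
  jwks["keys"].find { |key| key["kid"] == kid }
end

# Rebuild an OpenSSL public key from a JWK via the PKCS#1 RSAPublicKey DER
# structure, so the published document can be checked end to end.
def jwk_to_public_key(jwk)
  n = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk["n"]), 2)
  e = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk["e"]), 2)
  der = OpenSSL::ASN1::Sequence.new([
    OpenSSL::ASN1::Integer.new(n),
    OpenSSL::ASN1::Integer.new(e)
  ]).to_der
  OpenSSL::PKey::RSA.new(der)
end

# Self-check: a signature made with the private key verifies under the key
# a consumer reconstructs from the JWKS entry it selected by kid.
def published_key_verifies?(private_key, message)
  jwks = jwks_document(private_key)
  jwk = find_key(jwks, rsa_jwk_thumbprint(private_key.public_key))
  return false if jwk.nil?

  signature = private_key.sign("SHA256", message)
  jwk_to_public_key(jwk).verify("SHA256", signature, message)
end

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(jwks_document(PRIVATE_KEY))
end
```

Because the kid is a thumbprint of the key material, it stays stable across restarts and changes automatically when the key is rotated, which is what lets a relying party such as One Login cache the JWKS and re-fetch only when it sees an unknown kid. A Rails action backing the endpoint would do no more than `render json: jwks_document(key)` on an unauthenticated route; the important property is that the response carries `n` and `e` only.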
@stephencdaly stephencdaly force-pushed the add-jwks-endpoint-for-one-login branch from 2ff845e to 07a9d12 June 25, 2026 10:51
@github-actions

Contributor

🎉 A review copy of this PR has been deployed! You can reach it at: https://pr-2181.submit.review.forms.service.gov.uk/

It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready
after 5 minutes, there may be something wrong with the ECS task. You will need to go to the integration AWS account
to debug, or otherwise ask an infrastructure person.

For the sign in details and more information, see the review apps wiki page.

@stephencdaly stephencdaly changed the title Add jwks endpoint for one login Add JWKS endpoint for one login Jun 25, 2026
@stephencdaly stephencdaly marked this pull request as ready for review June 25, 2026 15:44