Skip to content

feat: add issuer claim and RFC 8414 metadata endpoint#2

Merged
paullatzelsperger merged 2 commits into
mainfrom
feat/add_rfc8414_metadata_endpoint
Jun 5, 2026
Merged

feat: add issuer claim and RFC 8414 metadata endpoint#2
paullatzelsperger merged 2 commits into
mainfrom
feat/add_rfc8414_metadata_endpoint

Conversation

@paullatzelsperger

@paullatzelsperger paullatzelsperger commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Issued tokens now carry an iss claim identifying jwtlet as the authorization server (previously empty). The issuer is jwtlet itself, not the subject token's original issuer (which remains in act.iss) and not Vault, whose transit engine is only the signing primitive.
  • Adds a new top-level issuer config value (required, must be a valid URL), wired into TokenExchangeService and validated at startup.
  • Exposes an RFC 8414 authorization server metadata document at GET /.well-known/oauth-authorization-server on the token-exchange port (default 8080), advertising issuer, token_endpoint, jwks_uri, grant_types_supported, and token_endpoint_auth_methods_supported.

Changes

  • jwtlet-core: TokenExchangeService gains an issuer field; issued TokenClaims now set iss.
  • jwtlet-server: new meta module with AuthorizationServerMetadata + handler; route registered on the exchange API; issuer added to config with validation; assembly/main wiring.
  • e2e manifest: top-level issuer added to jwtlet-config.yaml.
  • e2e tests: new metadata.rs verifying the metadata document contents and the JWKS endpoint.

@paullatzelsperger paullatzelsperger merged commit b0de670 into main Jun 5, 2026
5 checks passed
@paullatzelsperger paullatzelsperger deleted the feat/add_rfc8414_metadata_endpoint branch June 5, 2026 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants