A code example to demonstrate an end-to-end solution using client assertions and a JWKS URI.
This strong security option could be used for many security use cases, such as B2B APIs.
First ensure that Docker Desktop and Node.js are installed.
From the root folder, run these commands to generate a PS256 public and private key:
cd keydistribution
npm install
npm start
From the root folder, run these commands to host a JSON Web Key Set (JWKS) via a simple Node.js API:
cd jwks
npm install
npm start
Then run this command in another terminal window to download the public keys:
curl http://localhost:3000/.well-known/jwks
From the root folder, run these commands to deploy a Docker-based instance of the Curity Identity Server:
cd idsvr
docker compose up
Then log in to the Admin UI with credentials admin / Password1 and complete the initial setup.
Select the Changes / Upload option, then import and merge the idsvr/import.xml file.
From the root folder, use these commands to send a client assertion from the simple console client:
cd client
npm install
npm start
The client then authenticates successfully and receives an access token.
The demo client outputs a simple debug message, whereas a real client would continue by calling an API:
Calling API with access token: _0XBPWQQ_804cc417-cb17-4ad1-a86f-00895c2b9cdb
The API would then receive a JWT access token in the standard way.
Using client assertions has no impact on the API's code, and no special infrastructure is needed.
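The assertion exchange above, sketched as an added example using only Node's built-in crypto module (this is not the repository's client or JWKS code). The function names, client ID, token endpoint URL, 30-second lifetime and the choice of the token endpoint as audience are assumptions for illustration.

```javascript
const { generateKeyPairSync, createPublicKey, sign, verify, constants, randomUUID } = require('node:crypto');

const PSS = { padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: constants.RSA_PSS_SALTLEN_DIGEST };
const b64u = (value) => Buffer.from(value).toString('base64url');
const epoch = () => Math.floor(Date.now() / 1000);
const decode = (part) => { try { return JSON.parse(Buffer.from(part, 'base64url').toString('utf8')); } catch { return null; } };

// Generate an RSA key pair for PS256 and the JWKS document that publishes the public half.
function makeDemoKeys(kid) {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: 'jwk' }), kid, alg: 'PS256', use: 'sig' };
  return { privateKey, jwks: { keys: [jwk] } };
}

// Client side: a short-lived assertion with a unique jti, signed with the private key.
function createClientAssertion(privateKey, kid, clientId, audience, now = epoch()) {
  const header = { alg: 'PS256', typ: 'JWT', kid };
  const claims = { iss: clientId, sub: clientId, aud: audience, jti: randomUUID(), iat: now, exp: now + 30 };
  const signingInput = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const signature = sign('sha256', Buffer.from(signingInput), { key: privateKey, ...PSS });
  return `${signingInput}.${b64u(signature)}`;
}

// Server side: select the key by kid from the JWKS, verify the signature, then validate claims.
function verifyClientAssertion(jwt, jwks, clientId, audience, seenJtis, now = epoch()) {
  const [h, p, s, extra] = jwt.split('.');
  const [header, claims] = [decode(h), decode(p)];
  if (!header || !claims || !s || extra !== undefined) return 'malformed';
  if (header.alg !== 'PS256') return 'unexpected alg'; // allowlist, never the token's own choice
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return 'unknown kid';
  const key = createPublicKey({ key: jwk, format: 'jwk' });
  if (!verify('sha256', Buffer.from(`${h}.${p}`), { key, ...PSS }, Buffer.from(s, 'base64url'))) return 'bad signature';
  if (claims.iss !== clientId || claims.sub !== clientId) return 'wrong client';
  if (claims.aud !== audience) return 'wrong audience';
  if (typeof claims.exp !== 'number' || claims.exp <= now) return 'expired';
  if (typeof claims.jti !== 'string' || seenJtis.has(claims.jti)) return 'replayed';
  seenJtis.add(claims.jti); // each jti is accepted once, so a captured assertion cannot be reused
  return 'ok';
}

// Constructed run: placeholder client ID and endpoint; the same assertion is presented twice.
function runDemo() {
  const { privateKey, jwks } = makeDemoKeys('demo-key-1');
  const [client, endpoint, seen] = ['demo-client', 'https://login.example.test/oauth/token', new Set()];
  const jwt = createClientAssertion(privateKey, 'demo-key-1', client, endpoint);
  return [1, 2].map(() => verifyClientAssertion(jwt, jwks, client, endpoint, seen));
}
```

The private key never leaves the client; the verifier needs only the public JWKS, which is why rotating a key means publishing a new entry with a new kid.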
See API Access via JWT Assertions for further details on the end-to-end solution.
Please visit curity.io for more information about the Curity Identity Server.