{"id":22268226,"url":"https://github.com/curityio/client-assertions-with-jwks-uri","last_synced_at":"2025-08-01T09:42:21.296Z","repository":{"id":74437456,"uuid":"486670582","full_name":"curityio/client-assertions-with-jwks-uri","owner":"curityio","description":"API security requiring clients to use strong authentication, via client assertions (RFC7521, RFC7523)","archived":false,"fork":false,"pushed_at":"2023-09-14T11:28:05.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-25T14:46:14.611Z","etag":null,"topics":["api","client-assertion","code-example","financial-grade","jwks-uri","oauth2","zero-trust"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/client-assertions-jwks-uri/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-28T16:30:58.000Z","updated_at":"2023-04-26T10:22:15.000Z","dependencies_parsed_at":"2023-02-26T18:31:43.819Z","dependency_job_id":null,"html_url":"https://github.com/curityio/client-assertions-with-jwks-uri","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/curityio/client-assertions-with-jwks-uri","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fclient-assertions-with-jwks-uri","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fclient-assertions-with-jwks-uri/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fclient-assertions-with-jwks-uri/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fclient-assertions-with-jwks-uri/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/client-assertions-with-jwks-uri/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Fclient-assertions-with-jwks-uri/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262419748,"owners_count":23308098,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","client-assertion","code-example","financial-grade","jwks-uri","oauth2","zero-trust"],"created_at":"2024-12-03T11:11:58.992Z","updated_at":"2025-06-28T11:04:56.411Z","avatar_url":"https://github.com/curityio.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Client Assertions and the JWKS URI\n\nA code example to demonstrate an end-to-end solution using client assertions and a JWKS URI.\\\nThis strong security option could be used for many security use cases, such as B2B APIs.\n\n## Instructions\n\nFirst ensure that Docker Desktop and Node.js are installed.\n\n### Generate an Asymmetric Keypair\n\nFrom the root folder, run these commands to generate a PS256 public and private key:\n\n```bash\ncd keydistribution\nnpm install\nnpm start\n```\n\n### Host a JWKS URI\n\nFrom the root folder, run these commands to host a JSON Web Key Set (JWKS) via a simple Node.js API:\n\n```bash\ncd jwks\nnpm install\nnpm start\n```\n\nThen run this command in another terminal window to download the public keys:\n\n```bash\ncurl http://localhost:3000/.well-known/jwks\n```\n\n### Deploy the Curity Identity Server\n\nFrom the root folder, run these commands to deploy a Docker based instance.\\\nThen login to the Admin UI with credentials `admin / Password1` and complete the initial setup.\n\n```bash\ncd idsvr\ndocker compose up\n```\n\nSelect the Changes / Upload option, then import and merge the `idsvr/import.xml` file.\n\n### Send a Client Assertion\n\nFrom the root folder, use these commands to send a client assertion from the simple console client:\n\n```bash\ncd client\nnpm install\nnpm start\n```\n\n### Call the Secured API\n\nThe client then authenticates successfully and receives an access token.\\\nThe demo client outputs a simple debug message, whereas a real client would continue by calling an API:\n\n```text\nCalling API with access token: _0XBPWQQ_804cc417-cb17-4ad1-a86f-00895c2b9cdb\n```\n\nThe API would then receive a JWT access token in the standard way.\\\nUsing client assertions has no impact on the API's code, and no special infrastructure is needed.\n\n## Website Documentation\n\nSee the [API Access via JWT Assertions](https://curity.io/resources/learn/api-jwt-assertions) for further details on the end-to-end solution.\n\n## More Information\n\nPlease visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fclient-assertions-with-jwks-uri","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Fclient-assertions-with-jwks-uri","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Fclient-assertions-with-jwks-uri/lists"}