https://github.com/curityio/client-assertions-with-jwks-uri
API security requiring clients to use strong authentication, via client assertions (RFC7521, RFC7523)
https://github.com/curityio/client-assertions-with-jwks-uri
api client-assertion code-example financial-grade jwks-uri oauth2 zero-trust
Last synced: 10 months ago
JSON representation
API security requiring clients to use strong authentication, via client assertions (RFC7521, RFC7523)
- Host: GitHub
- URL: https://github.com/curityio/client-assertions-with-jwks-uri
- Owner: curityio
- License: apache-2.0
- Created: 2022-04-28T16:30:58.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-09-14T11:28:05.000Z (over 2 years ago)
- Last Synced: 2025-03-25T14:46:14.611Z (about 1 year ago)
- Topics: api, client-assertion, code-example, financial-grade, jwks-uri, oauth2, zero-trust
- Language: JavaScript
- Homepage: https://curity.io/resources/learn/client-assertions-jwks-uri/
- Size: 18.6 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Client Assertions and the JWKS URI
A code example to demonstrate an end-to-end solution using client assertions and a JWKS URI.\
This strong security option could be used for many security use cases, such as B2B APIs.
## Instructions
First ensure that Docker Desktop and Node.js are installed.
### Generate an Asymmetric Keypair
From the root folder, run these commands to generate a PS256 public and private key:
```bash
cd keydistribution
npm install
npm start
```
### Host a JWKS URI
From the root folder, run these commands to host a JSON Web Key Set (JWKS) via a simple Node.js API:
```bash
cd jwks
npm install
npm start
```
Then run this command in another terminal window to download the public keys:
```bash
curl http://localhost:3000/.well-known/jwks
```
### Deploy the Curity Identity Server
From the root folder, run these commands to deploy a Docker based instance.\
Then login to the Admin UI with credentials `admin / Password1` and complete the initial setup.
```bash
cd idsvr
docker compose up
```
Select the Changes / Upload option, then import and merge the `idsvr/import.xml` file.
### Send a Client Assertion
From the root folder, use these commands to send a client assertion from the simple console client:
```bash
cd client
npm install
npm start
```
### Call the Secured API
The client then authenticates successfully and receives an access token.\
The demo client outputs a simple debug message, whereas a real client would continue by calling an API:
```text
Calling API with access token: _0XBPWQQ_804cc417-cb17-4ad1-a86f-00895c2b9cdb
```
The API would then receive a JWT access token in the standard way.\
Using client assertions has no impact on the API's code, and no special infrastructure is needed.
## Website Documentation
See the [API Access via JWT Assertions](https://curity.io/resources/learn/api-jwt-assertions) for further details on the end-to-end solution.
## More Information
Please visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.