This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far; it hasn't been accepted and needs further discussion.
We already have a JWKs endpoint available in the Core, but it is exposed under a non-standard path, uses a non-standard format, and requires the core API key.
- Leave as-is
- Move endpoint in a new CDI version
- Duplicate it on the standard path, not taking the CDI version into account
- Add new endpoint on the standard path
We should move the JWKs endpoint in a new CDI version to a standard path:
- This will make it easier for people to use us with standard JWT verification libs on the backend
- This will give users the flexibility to verify access tokens issued by SuperTokens in their backend APIs without also being forced to expose the JWKs endpoint from their API layer.
- It should not check the API key or send the extra "status" prop
- Conforming to standards is always a plus