...
```json
{
  "<entity-entity-identifier>": {
    "entity_types": [
      "federation_entity",
      "openid_credential_entity",
      "oauth_authorization_server"
    ],
    "jwks":
  }
}
```
...
- Change `<entity-entity-identifier>` to the `entity_id` of the entity.
  In OIDF, the `metadata` object inside the Entity Configuration is structured by federation entity types, and each type corresponds to a role that an entity can play.
  The specification defines the following standard metadata types. Insert the ones that correspond to the entity:
  - `federation_entity`: mandatory for every participant.
    - Contains federation-related endpoints such as `federation_fetch_endpoint`, `federation_resolve_endpoint`, `federation_list_endpoint`, and optionally `federation_trust_mark_endpoint`, etc.
  - `openid_relying_party`: used when the entity is a Relying Party.
    - Contains metadata (like `redirect_uris`, `application_type`, etc.), similar to OIDC Dynamic Client Registration metadata.
  - `openid_provider`: used when the entity is an OpenID Provider.
    - Contains metadata (like `authorization_endpoint`, `token_endpoint`, `userinfo_endpoint`, `jwks_uri`, supported algorithms, etc.), aligned with OIDC Discovery.
  - `oauth_authorization_server`: used when the entity acts as a generic OAuth 2.0 Authorization Server.
    - Contains metadata per RFC 8414 (OAuth 2.0 Authorization Server Metadata).
- Open the file in a text editor of your choice.
- Move the public keys into `jwks`:
  - Locate the `"keys"` array in the entity configuration.
  - Move it inside the `"jwks"` section.

The file should look like this:
```json
{
  "https://entity.example.com": {
    "entity_types": [
      "federation_entity",
      "openid_credential_entity",
      "oauth_authorization_server"
    ],
    "jwks": {
      "keys": [
        {
          "kty": "RSA",
          "use": "sig",
          "kid": "example-kid",
          "n": "example-n-value",
          "e": "AQAB"
        }
      ]
    }
  }
}
```
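The manual steps above (set the entity_id, pick the entity types, move the keys array under `jwks`) can be scripted and checked before the file is published. The following is an added example, not code from the original page or from any federation software; `build_entity_configuration`, `KNOWN_ENTITY_TYPES` and the sample RSA key are assumptions constructed here. Besides assembling the file structure, it refuses a configuration that omits the mandatory `federation_entity` type, and it rejects any JWK that still carries private-key members, since only public keys belong in the published `jwks`.

```python
import json

# Metadata types named on this page; federation_entity is mandatory.
KNOWN_ENTITY_TYPES = {
    "federation_entity", "openid_relying_party", "openid_provider",
    "oauth_authorization_server", "openid_credential_entity",
}
# JWK members that only occur in private or symmetric keys (RFC 7518);
# none of them may appear in the published entity configuration.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def build_entity_configuration(entity_id, entity_types, keys):
    """Build the file structure shown above: entity_id as the top-level key,
    the entity_types list, and the "keys" array moved under "jwks"."""
    problems = []
    if "federation_entity" not in entity_types:
        problems.append("federation_entity is mandatory for every participant")
    for t in entity_types:
        if t not in KNOWN_ENTITY_TYPES:
            problems.append(f"unknown entity type: {t}")
    if not keys:
        problems.append("jwks.keys must not be empty")
    for key in keys:
        leaked = PRIVATE_JWK_MEMBERS & key.keys()
        if leaked:
            problems.append(f"key {key.get('kid')} carries private members {sorted(leaked)}")
        if "kid" not in key:
            problems.append("every key needs a kid so it can be referenced")
    if problems:
        raise ValueError("; ".join(problems))
    return {entity_id: {"entity_types": list(entity_types),
                        "jwks": {"keys": list(keys)}}}


# Constructed sample input: one public RSA signing key as it would sit in a JWK Set.
SAMPLE_KEYS = [{"kty": "RSA", "use": "sig", "kid": "example-kid",
                "n": "example-n-value", "e": "AQAB"}]


def example():
    # Same entity_id and entity types as the file shown above.
    return build_entity_configuration(
        "https://entity.example.com",
        ["federation_entity", "openid_credential_entity", "oauth_authorization_server"],
        SAMPLE_KEYS)


if __name__ == "__main__":
    print(json.dumps(example(), indent=2))
```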
...
Option 2: One-Liner Command (Automated)
...