Skip to main content

addjwks

Adding JSON Web Keys to MistServer

This call can be used to add JWKS to MistServer without running the risk of deleting others. Should you attempt to add an existing JWKS it will be overwritten with the new values.

The response is the newly added JWK.

This call allows you to add a JWK to MistServer. JWK should follow the documentation as described in the jwt documentation or see the JWT example for an example use.

The jwks call always expects an array with the jwks information followed by the permissions. For the jwk documentation we recommend reading up on RFC 7517

Any required parameters by setting kty or alg should be followed accordingly. The RFC 7518 - JSON Web Algorithm is referenced as it describes the practical information.

tip

While not required we recommend adding an unique kid to each JWK as well, this can be used to match configured JWKs for editing/deleting. Should a JWK be added with the same kid as a current existing one the new JWK will replace the old one.

The permission part should mention:

  • input - true key may be used to push into MistServer, false key may not be used to push into MistServer.
  • output - true key may be used to watch from MistServer, false no viewing.
  • stream - * all streams, ["array","of","streams"] for a list of streams affected by the token
  • Not implemented yet admin- true whether this key may be used as authorization for the API/interface.
{
    "addjwks": [
        [
            {
                "alg": "HS256",
                "k": "KEY",
                "kid": "UNIQUESTRING",
                "key_ops": [
                    "sign",
                    "verify"
                ],
                "kty": "oct"
            },
            {
                "input": true,
                "output": true,
                "admin": true,
                "stream": ""
            }
        ]
    ]
}

Example of a jwks with multiple keys and using an url.

    "addjwks": [
        [
            {
                "alg": "HS256",
                "k": "KEYEXAMPLE1",
                "kid": "UNIQUESTRING",
                "key_ops": [
                    "sign",
                    "verify"
                ],
                "kty": "oct"
            },
            {
                "admin": true,
                "input": true,
                "output": true,
                "stream": [ 
                    "example",
                    "example2"
                ]
            }
        ],
        [
            {
                "alg": "HS256",
                "k": "KEYEXAMPLE2",
                "kid": "UNIQUESTRING",
                "key_ops": [
                    "sign",
                    "verify"
                ],
                "kty": "oct"
            },
            {
                "admin": false,
                "input": true,
                "output": true,
                "stream": "*"
            }
        ],
        [
            "https://example.com",
            {
                "admin": true,
                "input": true,
                "output": true,
                "stream": "*"
            }
        ]
    ]