Skip to main content

jwks

Adding JSON Web Keys to MistServer

This call allows you to change all JWKS configured for MistServer. JWK should follow the documentation as described in the jwt documentation or see the JWT example for an example use.

If the jwks call is followed by an array or url it will overwrite the current jwks value with the new value. If any other value is passed the current jwks value is returned.

The jwks call always expects an array with the jwks information followed by the permissions. For the jwk documentation we recommend reading up on RFC 7517

Any required parameters by setting kty or alg should be followed accordingly. The RFC 7518 - JSON Web Algorithm is referenced as it describes the practical information.

tip

While not required, we recommend adding an unique kid to each JWK as well, this can be used to match configured JWKs for addjwks and deletejwks. Should a JWK be added with the same kid as a current existing one the new JWK will replace the old one.

The permission part should mention:

  • input - true key may be used to push into MistServer, false key may not be used to push into MistServer.
  • output - true key may be used to watch from MistServer, false no viewing.
  • stream - * all streams, ["array","of","streams"] for a list of streams affected by the token
  • Not implemented yet admin- true whether this key may be used as authorization for the API/interface.

The response is always the complete JWKS as configured now in MistServer.

{
    "jwks": [
        [
            {
                "alg": "HS256",
                "k": "KEY",
                "key_ops": [
                    "sign",
                    "verify"
                ],
                "kty": "oct"
            },
            {
                "input": true,
                "output": true,
                "admin": true,
                "stream": ""
            }
        ]
    ]
}

Example of a jwks with multiple keys and using an url.

    "jwks": [
        [
            {
                "alg": "HS256",
                "k": "KEYEXAMPLE1",
                "key_ops": [
                    "sign",
                    "verify"
                ],
                "kty": "oct"
            },
            {
                "admin": true,
                "input": true,
                "output": true,
                "stream": [ 
                    "example",
                    "example2"
                ]
            }
        ],
        [
            {
                "alg": "HS256",
                "k": "KEYEXAMPLE2",
                "key_ops": [
                    "sign",
                    "verify"
                ],
                "kty": "oct"
            },
            {
                "admin": false,
                "input": true,
                "output": true,
                "stream": "*"
            }
        ],
        [
            "https://example.com",
            {
                "admin": true,
                "input": true,
                "output": true,
                "stream": "*"
            }
        ]
    ]