ExMCP.Plugs.JWKS (ex_mcp v0.10.0)

View Source

Serves a JSON Web Key Set (JWKS) for token signature verification.

This plug serves the /.well-known/jwks.json endpoint, allowing clients and resource servers to discover the public keys used to verify token signatures.

Usage

With static keys:

plug ExMCP.Plugs.JWKS, keys: [%{"kty" => "RSA", "n" => "...", "e" => "..."}]

With a dynamic key provider function:

plug ExMCP.Plugs.JWKS, keys_fn: fn -> MyApp.KeyStore.get_public_keys() end

With JOSE JWK structs (requires :jose dependency):

jwk = JOSE.JWK.generate_key({:rsa, 2048})
plug ExMCP.Plugs.JWKS, keys: [jwk]

Options

  • :keys - A static list of key maps or JOSE.JWK structs.
  • :keys_fn - A zero-arity function that returns a list of key maps at call time. Takes precedence over :keys if both are provided.

Summary

Functions

get_keys(arg1)

Retrieves keys from either the static list or the dynamic function.

to_jwk_map(jose_jwk)

Converts a key to a JWK map suitable for inclusion in a JWKS response.

Functions

get_keys(arg1)

@spec get_keys(map()) :: {:ok, [map()]} | {:error, term()}

Retrieves keys from either the static list or the dynamic function.

to_jwk_map(jose_jwk)

@spec to_jwk_map(map() | struct()) :: map()

Converts a key to a JWK map suitable for inclusion in a JWKS response.

Handles plain maps (returned as-is), JOSE.JWK structs (converted to public key map), and other formats.