Make "use" and "alg" fields optional for JWK endpoints in custom verifiers

I’d like to use a JWKS endpoint that doesn’t specify them ( ). Attempting to resulted in an invalid jwks error, and I suspect the missing “use” and “alg” fields are why.

According to the JWK spec RFC 7515, the “use” and “alg” fields are optional.

Would it be possible to support this?

@smoothstacks Thanks for your question.

Your request has been forwarded to our team and we will get back with further updates once more information becomes available.

We currently operationalise Go’s standard library for JWTs which requires them in the JWKs.

There are two alternative to this:

  1. Use a proxy, say Firebase or Auth0 and use their JWKs instead
  2. Deploy your own JWKs and toss that in instead of an endpoint