In our OIDC specs, we stated that client JWKS endpoints need to be publicly accessible by any traffic. This means that any person or machine connected to the internet should be able to access your JWKS endpoint without restriction (think google.com).
If this is a concern for your organisation, you can simply opt for the alternative of hosting the JWKS object with us. This can be done by raising a Service Request with us.
Comments
1 comment
If hosting the JWKS with NDI team, can I know what is NDI team turnaround time for updating of the keys from the time of raising Service Request?
Please sign in to leave a comment.