I want to implement a small authorization service based on JWT tokens. My steps:
- Tokens will be signed with RSA
- I want to delegate key storage to Vault, and I want Vault to automatically generate new keys
- The authorization service will pull the current private key from Vault and issue a JWT with a jku header (the URL of the public key in Vault) and a kid header (the public key ID)
- The verification service goes to Vault, gets the actual public key using jku and kid, and then validates the token
How reasonable and appropriate is such a scheme? Does Vault have such a use case?
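An added example, not from the question, of the verification side of the scheme above in Go: the verifier pins the jku to its own configured Vault URL instead of fetching keys from whatever URL an incoming token names, selects the public key by kid, and rejects any alg other than RS256. The Vault URL and the in-memory key map are assumptions standing in for the real fetch from Vault.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Pinned JWKS location (assumed URL). The verifier compares the token's jku against this
// configured value; it never fetches keys from whatever URL an incoming token names.
const trustedJKU = "https://vault.example.internal/v1/jwt-keys/public"

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// Sign issues a compact RS256 JWT whose header carries jku and kid.
func Sign(priv *rsa.PrivateKey, kid string, claims map[string]any) (string, error) {
	h, _ := json.Marshal(map[string]string{"alg": "RS256", "kid": kid, "jku": trustedJKU})
	p, _ := json.Marshal(claims)
	signing := b64(h) + "." + b64(p)
	d := sha256.Sum256([]byte(signing))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil { return "", err }
	return signing + "." + b64(sig), nil
}

// Verify accepts a token only if alg is RS256, jku equals the pinned URL, kid resolves in
// keys (an in-memory stand-in for the key set fetched from Vault) and the signature checks out.
func Verify(token string, keys map[string]*rsa.PublicKey) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 { return nil, errors.New("malformed token") }
	var hdr struct{ Alg, Kid, Jku string }
	hb, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil { return nil, errors.New("bad header") }
	if hdr.Alg != "RS256" { return nil, errors.New("unexpected alg") } // no alg=none or HMAC fallback
	if hdr.Jku != trustedJKU { return nil, errors.New("jku not trusted") }
	pub, ok := keys[hdr.Kid]
	if !ok { return nil, errors.New("unknown kid") }
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil { return nil, errors.New("bad signature encoding") }
	d := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) != nil { return nil, errors.New("bad signature") }
	var claims map[string]any
	pb, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &claims) != nil { return nil, errors.New("bad payload") }
	return claims, nil
}
```

Key rotation fits this shape naturally: the verifier keeps every kid that Vault still publishes, so tokens signed under the previous key stay valid until they expire while new tokens use the fresh kid.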