Using a public certificate(s) generated by an IDP such as Okta or Azure (or using the JWKS url) in order to validate tokens

[Kkeller83]

I would like to replace the public key that is used in caprover with a public key set from another identity provider.
Now when I get the jwt token from e.g. okta or azure I can use that to login to caprover as caprover will be able to verifiy the signature with the new keys.

Could you help find the key material and where caprover generates or hosts it and how I can intercept in this process to place some other public key materterial please?

This way customers can take advantage of okta & azure etc. SSO style token aquiring and then use them to login to caprover.

[githubsaturn]

the public key that is used in caprover

What public key?

[Kkeller83]

These are for example thr public keys required to verify an jwt token coming from Azure https://login.microsoftonline.com/common/discovery/v2.0/keys

[githubsaturn]

CapRover doesn't use public key for jwt tokens, it uses a secret:

caprover/src/user/Authenticator.ts

Lines 112 to 118 in 0e86562

	return jwt.sign(
	{
	data: userObj,
	},
	self.encryptionKey + (keySuffix ? keySuffix : ''),
	{ expiresIn: '480h' }
	)

[githubsaturn]

Secret is a UUID stored as a docker swarm secret.