*What*
* Implement the function. It should be similar to the Android implementation
* It should have unit tests
* The example app should be updated to allow verify the implementation
Note: Keycloak is using RSA to sign the JWT tokens so we must use this algorithm when verifying. There doesn't seem to be a library that supports parsing of JWKs so we need to do this ourselves.
Another option was to contribute upstream to Keycloak to include the `x5c` property in the JWKS response from the JWKS endpoint but they have rejected these feature requests before. See -> https://issues.jboss.org/browse/KEYCLOAK-3166
It's possible to do JWT verification from the example shown in this [PR|https://github.com/aerogear/aerogear-ios-sdk/pull/53#issuecomment-375631682]. We just need that library to be published as the `git` reference is no longer supported in podspecs. An issue has been opened [here|https://github.com/kreactive/JSONWebToken/issues/9] |
|
