Identity server - How to override jwks file manually?

Question

I used identity server 4 in my project.

I separated projects and my identity server running as microservice. I want to clone/publish my identity server to a new device(server). My refresh tokens not expiring. I didn't use any signing credential and i guess my signatures created automatically.

When I try to get a new bearer token with an old refresh token. I'm getting bearer token successfully. But when i try to call authorized api endpoint with new bearer token, I'm getting 401 unauthorized error. And error like this "the signature key was not found". And my users getting 401 unauthorized errors.

When I research that issue I guess I should update ".well-known/openid-configuration/jwks" with old identity server jwks. But I didn't find any way to update jwks file. Is there any way to set jwks file manually?

I try to update jwks for each identity client like that. (not working)

var secret2 = new Secret
            {
                Type = IdentityServerConstants.SecretTypes.JsonWebKey,
                Value = "{'e':'AQAB','kid':'kf8srXoS7Gy2Bs-Ud9tw-Q','kty':'RSA','n':'xxx'}"
            };

 

Answer 1

The correct approach for IdentityServer in production is to add your own signing key using the AddSigningCredential method in Startup.cs.

Otherwise, you will have problems.

see:

• https://devblogs.microsoft.com/dotnet/asp-net-core-authentication-with-identityserver4/
• http://docs.identityserver.io/en/latest/topics/startup.html
• AddSigningCredential for IdentityServer4