envoyproxy/envoy

jwt authn filter: re-retrieve the keys when it sees an unfamiliar kid value.

Open

#39,643 opened on May 27, 2025

View on GitHub
 (10 comments) (3 reactions) (0 assignees)C++ (5,373 forks)batch import
area/jwt_authnenhancementhelp wantedno stalebot

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (Avg merge 8d) (378 merged PRs in 30d)

Description

Title: One line description

Description: The jwt authn filter should try to re-fetch the keys if it encounters an unknown key. This allows the jwt authn filter work with a provider that rotates keys (for example, Zitadel).

[optional Relevant Links:] https://github.com/envoyproxy/gateway/issues/4180

Contributor guide