This is pretty slick! It certainly appears this will meet our needs functionally; however, I’m concerned about whether it will perform adequately.
A few questions:
- Above you say first key in JWK keys list. I assume you mean first matching kid/key in JWK keys list?
- This is RSA (slow) vs HMAC (fast). Since every API request will validate the JWT at Tyk, will it perform satisfactorily with RSA?
- There will be 6000+ keys specified in the idp_jwks.json file. How will that perform - is it a map lookup or a scan?