jose4j 会自动处理 Azure 签名密钥更新吗?

Does jose4j take care of Azure Signing Key rollover automatically?

我正在我的 Java 应用程序中实施 jose4j 以验证 Azure 颁发的访问令牌的签名。 该应用程序运行良好,但是,我遇到了有关 Signing Key rollover 的文档。使用 HttpsJwksVerificationKeyResolver 时,jose4j 会自动处理吗?

我目前正在使用以下代码片段构建 JwtConsumer

String azureKeyDiscoveryUrl =
                "https://login.microsoftonline.com/{my-tenant-id}/discovery/keys";
HttpsJwks azureKeyDiscovery = new HttpsJwks(azureKeyDiscoveryUrl);

HttpsJwksVerificationKeyResolver azureJwksKeyResolver = new HttpsJwksVerificationKeyResolver(azureKeyDiscovery);

JwtConsumer azureJwtConsumer = new JwtConsumerBuilder()
                .setRequireExpirationTime()
                .setAllowedClockSkewInSeconds(30)
                .setRequireIssuedAt()
                .setRequireNotBefore()
                .setVerificationKeyResolver(azureJwksKeyResolver)
                .setExpectedAudience("my-audience")
                .setJwsAlgorithmConstraints(new AlgorithmConstraints(
                        AlgorithmConstraints.ConstraintType.WHITELIST, AlgorithmIdentifiers.RSA_USING_SHA256))
                .build();
JwtClaims claims = azureJwtConsumer.processToClaims("tokenStringHere");

是的,假设 Azure 使用 https://login.microsoftonline.com/{my-tenant-id}/discovery/keys 端点执行 right/reasonable 操作,我认为他们会这样做,它会起作用。