server/plugins/openid/routes/jwks.ts

import { auth } from "@/api";
import { describeRoute } from "hono-openapi";
import { resolver } from "hono-openapi/zod";
import { exportJWK } from "jose";
import { z } from "zod";
import type { PluginType } from "../index.ts";

export default (plugin: PluginType): void => {
    plugin.registerRoute("/.well-known/jwks", (app) =>
        app.get(
            "/.well-known/jwks",
            describeRoute({
                summary: "JWK Set",
                tags: ["OpenID"],
                responses: {
                    200: {
                        description: "JWK Set",
                        content: {
                            "application/json": {
                                schema: resolver(
                                    z.object({
                                        keys: z.array(
                                            z.object({
                                                kty: z.string().optional(),
                                                use: z.string(),
                                                alg: z.string(),
                                                kid: z.string(),
                                                crv: z.string().optional(),
                                                x: z.string().optional(),
                                                y: z.string().optional(),
                                            }),
                                        ),
                                    }),
                                ),
                            },
                        },
                    },
                },
            }),
            auth({
                auth: false,
            }),
            plugin.middleware,
            async (context) => {
                const jwk = await exportJWK(
                    context.get("pluginConfig").keys?.public,
                );

                // Remove the private key 💀
                jwk.d = undefined;

                return context.json(
                    {
                        keys: [
                            {
                                ...jwk,
                                use: "sig",
                                alg: "EdDSA",
                                kid: "1",
                            },
                        ],
                    },
                    200,
                );
            },
        ),
    );
};
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`import { auth } from "@/api";`
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions 2025-03-29 03:30:06 +01:00			`import { describeRoute } from "hono-openapi";`
			`import { resolver } from "hono-openapi/zod";`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`import { exportJWK } from "jose";`
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions 2025-03-29 03:30:06 +01:00			`import { z } from "zod";`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`import type { PluginType } from "../index.ts";`

refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`export default (plugin: PluginType): void => {`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`plugin.registerRoute("/.well-known/jwks", (app) =>`
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions 2025-03-29 03:30:06 +01:00			`app.get(`
			`"/.well-known/jwks",`
			`describeRoute({`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`summary: "JWK Set",`
fix(api): :bug: Add tags to all API routes that were missing one 2025-03-28 22:12:07 +01:00			`tags: ["OpenID"],`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`responses: {`
			`200: {`
			`description: "JWK Set",`
			`content: {`
			`"application/json": {`
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions 2025-03-29 03:30:06 +01:00			`schema: resolver(`
			`z.object({`
			`keys: z.array(`
			`z.object({`
			`kty: z.string().optional(),`
			`use: z.string(),`
			`alg: z.string(),`
			`kid: z.string(),`
			`crv: z.string().optional(),`
			`x: z.string().optional(),`
			`y: z.string().optional(),`
			`}),`
			`),`
			`}),`
			`),`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`},`
			`},`
			`},`
			`},`
			`}),`
refactor(api): :recycle: Move from @hono/zod-openapi to hono-openapi hono-openapi is easier to work with and generates better OpenAPI definitions 2025-03-29 03:30:06 +01:00			`auth({`
			`auth: false,`
			`}),`
			`plugin.middleware,`
refactor(plugin): :truck: Move JWKS well-known endpoint to OpenID plugin 2024-10-07 12:52:22 +02:00			`async (context) => {`
			`const jwk = await exportJWK(`
			`context.get("pluginConfig").keys?.public,`
			`);`

			`// Remove the private key 💀`
			`jwk.d = undefined;`

			`return context.json(`
			`{`
			`keys: [`
			`{`
			`...jwk,`
			`use: "sig",`
			`alg: "EdDSA",`
			`kid: "1",`
			`},`
			`],`
			`},`
			`200,`
			`);`
			`},`
			`),`
			`);`
			`};`