server/packages/api/routes/well-known/jwks.ts

import { config } from "@versia-server/config";
import { apiRoute, auth } from "@versia-server/kit/api";
import { describeRoute, resolver } from "hono-openapi";
import { exportJWK } from "jose";
import { z } from "zod/v4";

export default apiRoute((app) => {
    app.get(
        "/.well-known/jwks",
        describeRoute({
            summary: "JWK Set",
            tags: ["OpenID"],
            responses: {
                200: {
                    description: "JWK Set",
                    content: {
                        "application/json": {
                            schema: resolver(
                                z.object({
                                    keys: z.array(
                                        z.object({
                                            kty: z.string().optional(),
                                            use: z.string(),
                                            alg: z.string(),
                                            kid: z.string(),
                                            crv: z.string().optional(),
                                            x: z.string().optional(),
                                            y: z.string().optional(),
                                        }),
                                    ),
                                }),
                            ),
                        },
                    },
                },
            },
        }),
        auth({
            auth: false,
        }),
        async (context) => {
            const jwk = await exportJWK(config.authentication.keys.private);

            // Remove the private key 💀
            jwk.d = undefined;

            return context.json(
                {
                    keys: [
                        {
                            ...jwk,
                            use: "sig",
                            alg: "EdDSA",
                            kid: "1",
                        },
                    ],
                },
                200,
            );
        },
    );
});
refactor: :fire: Remove plugin functionality, move OpenID plugin to core 2025-07-07 05:52:11 +02:00			`import { config } from "@versia-server/config";`
			`import { apiRoute, auth } from "@versia-server/kit/api";`
			`import { describeRoute, resolver } from "hono-openapi";`
			`import { exportJWK } from "jose";`
			`import { z } from "zod/v4";`

			`export default apiRoute((app) => {`
			`app.get(`
			`"/.well-known/jwks",`
			`describeRoute({`
			`summary: "JWK Set",`
			`tags: ["OpenID"],`
			`responses: {`
			`200: {`
			`description: "JWK Set",`
			`content: {`
			`"application/json": {`
			`schema: resolver(`
			`z.object({`
			`keys: z.array(`
			`z.object({`
			`kty: z.string().optional(),`
			`use: z.string(),`
			`alg: z.string(),`
			`kid: z.string(),`
			`crv: z.string().optional(),`
			`x: z.string().optional(),`
			`y: z.string().optional(),`
			`}),`
			`),`
			`}),`
			`),`
			`},`
			`},`
			`},`
			`},`
			`}),`
			`auth({`
			`auth: false,`
			`}),`
			`async (context) => {`
			`const jwk = await exportJWK(config.authentication.keys.private);`

			`// Remove the private key 💀`
			`jwk.d = undefined;`

			`return context.json(`
			`{`
			`keys: [`
			`{`
			`...jwk,`
			`use: "sig",`
			`alg: "EdDSA",`
			`kid: "1",`
			`},`
			`],`
			`},`
			`200,`
			`);`
			`},`
			`);`
			`});`