This is an OIDC "federated credentials / workload identity federation" example application. It generates JWTs that can be presented to different IdPs (Entra ID, AWS, GCP) and exchanged for a token on their side, which is then used to call their APIs. The application was hacked together on a Saturday evening, and I haven't even read the OIDC specification, so no guarantees here beyond the fact that it works with Entra ID at the moment.
/token
Used for getting a token from the app. NB: this is a sensitive endpoint, since anyone who can reach it gets a JWT that the federated IdP will exchange for real credentials. The application makes no attempt at protecting it, so that is your job.
/.well-known/openid-configuration
OIDC discovery endpoint. It must be reachable by the IdP you are federating with, since the IdP fetches it (and the jwks_uri it points to) in order to validate the tokens it exchanges.
/.well-known/jwks
The JWKS containing the public half of the key the JWTs are signed with (no private parameters).
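What the three endpoints have to agree on, shown as an added Go example rather than the app's own code (the Issuer type, the Mint/JWKS/Verify names, the kid value and the issuer URL are this example's assumptions): Mint builds what /token returns, JWKS builds what /.well-known/jwks serves, and Verify does what the relying IdP does with those two documents, so a token can be checked offline before pointing Entra ID at the app.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

var enc = base64.RawURLEncoding // JWS segments and JWK n/e are unpadded base64url

// Issuer stands in for the app's signing state (example assumption, not the app's type):
// one RSA key, its kid, and the issuer URL that becomes the iss claim and must equal
// "issuer" in the openid-configuration document.
type Issuer struct {
	Key      *rsa.PrivateKey
	Kid, URL string
}

// NewIssuer generates a throwaway 2048-bit key; a real deployment loads a persisted one.
func NewIssuer(url string) (*Issuer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Issuer{Key: key, Kid: "example-key-1", URL: url}, err
}

// jwk uses the RFC 7517 member names; jwks is the {"keys":[...]} document the IdP fetches.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}
type jwks struct{ Keys []jwk `json:"keys"` }

// JWKS is what /.well-known/jwks should serve: public modulus and exponent, nothing private.
func (i *Issuer) JWKS() jwks {
	pub := &i.Key.PublicKey
	return jwks{Keys: []jwk{{Kty: "RSA", Kid: i.Kid, N: enc.EncodeToString(pub.N.Bytes()),
		E: enc.EncodeToString(big.NewInt(int64(pub.E)).Bytes())}}}
}

// Mint is what /token hands out: an RS256 JWT carrying iss, sub, aud and a short lifetime.
func (i *Issuer) Mint(sub, aud string, ttl time.Duration, now time.Time) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": i.Kid})
	claims, _ := json.Marshal(map[string]any{"iss": i.URL, "sub": sub, "aud": aud,
		"iat": now.Unix(), "exp": now.Add(ttl).Unix()})
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, i.Key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// Verify mirrors what the relying IdP does with the published JWKS: select the key by kid, insist on
// RS256 instead of trusting the token's alg, verify over the exact header.payload bytes, then check
// iss, aud and expiry. Claims are returned only after the signature has been checked.
func Verify(token string, keys jwks, wantIss, wantAud string, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	hb, errH := enc.DecodeString(parts[0])
	cb, errC := enc.DecodeString(parts[1])
	sig, errS := enc.DecodeString(parts[2])
	if errH != nil || errC != nil || errS != nil {
		return nil, errors.New("malformed base64url segment")
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hb, &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unreadable header or unsupported alg")
	}
	var pub *rsa.PublicKey
	for _, k := range keys.Keys {
		n, errN := enc.DecodeString(k.N)
		e, errE := enc.DecodeString(k.E)
		if k.Kid == hdr.Kid && k.Kty == "RSA" && errN == nil && errE == nil {
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	if pub == nil {
		return nil, errors.New("no RSA key in JWKS matches kid")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature check failed")
	}
	var claims map[string]any
	if err := json.Unmarshal(cb, &claims); err != nil || claims["iss"] != wantIss || claims["aud"] != wantAud {
		return nil, errors.New("unreadable claims or iss/aud mismatch")
	}
	if exp, _ := claims["exp"].(float64); float64(now.Unix()) >= exp {
		return nil, errors.New("token expired")
	}
	return claims, nil
}
```

Whatever key material the real app loads, the kid in the JWT header must match the kid published in the JWKS, and iss must equal the issuer in the discovery document, or the exchange fails at the IdP. Verify deliberately never takes the key from the token itself and rejects any alg other than RS256, which is what closes the usual alg-confusion tricks; the IdP will do the same.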
- Support a custom aud (currently hardcoded to the Entra ID value), set either by env or on the GET to /token
- Support a custom/dynamic sub (currently hardcoded to the value "thetoken"), set either by env or on the GET to /token
- Support locking down /token with mTLS or similar.
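One way to do the mTLS lock-down from the last item, as an added Go example and not anything the app implements (the private CA, the client CNs ci-runner and someone-else, and the stand-in handler are assumptions made for the demo): the server requires a client certificate that chains to a CA you control, and the handler additionally pins the certificate subject, so that a certificate from the right CA but for the wrong client still cannot fetch a token.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// newCert issues a P-256 certificate: with parent == nil a self-signed CA, otherwise a
// client-auth leaf signed by parent. CA name and client CNs below are this example's own.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// mtlsConfig is the server-side setting that closes the endpoint: RequireAndVerifyClientCert
// (RequestClientCert only asks and lets certless clients through) against your own private CA.
func mtlsConfig(ca *x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	return &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, MinVersion: tls.VersionTLS12}
}

// tokenHandler stands in for /token. TLS already proved the client cert chains to our CA (so
// PeerCertificates is never empty here); the handler additionally pins the subject.
func tokenHandler(allowedCN string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS.PeerCertificates[0].Subject.CommonName != allowedCN {
			http.Error(w, "client not authorised for /token", http.StatusForbidden)
			return
		}
		w.Write([]byte("<signed JWT would be returned here>"))
	})
}

// Demo runs the locked-down server on loopback and reports the HTTP status seen by the allowed
// client, by a client with a valid cert but the wrong CN, and by a client with no cert at all
// (0 means the TLS handshake itself was refused, so the handler never ran).
func Demo() (allowed, wrongCN, noCert int, err error) {
	ca, caKey, err1 := newCert("token-client-ca", nil, nil)
	good, goodKey, err2 := newCert("ci-runner", ca, caKey)
	other, otherKey, err3 := newCert("someone-else", ca, caKey)
	for _, e := range []error{err1, err2, err3} {
		if e != nil {
			return 0, 0, 0, e
		}
	}
	srv := httptest.NewUnstartedServer(tokenHandler("ci-runner"))
	srv.TLS = mtlsConfig(ca)
	srv.StartTLS()
	defer srv.Close()

	call := func(cert *x509.Certificate, key *ecdsa.PrivateKey) int {
		roots := x509.NewCertPool()
		roots.AddCert(srv.Certificate()) // trust httptest's self-signed server certificate
		cfg := &tls.Config{RootCAs: roots}
		if cert != nil {
			cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}
		}
		c := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
		resp, err := c.Get(srv.URL + "/token")
		if err != nil {
			return 0
		}
		resp.Body.Close()
		return resp.StatusCode
	}
	return call(good, goodKey), call(other, otherKey), call(nil, nil), nil
}
```

The two layers matter separately: ClientCAs plus RequireAndVerifyClientCert rejects anything not issued by your CA before a request is ever parsed, and the subject check in the handler decides which of your own clients may mint tokens. Keep the CA for client certificates private to this purpose; reusing a public or organisation-wide CA would let every holder of such a certificate past the first layer.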