fix: use tenant-specific JWKS endpoint #441

Merged: dhcrees merged 2 commits into main from fix/tenant-specific-jwks, Jul 2, 2026

@dhcrees dhcrees commented Jul 1, 2026

Summary

  • derive the Azure JWKS endpoint from the configured tenant id instead of always using the common endpoint
  • keep a cached remote JWK set per tenant, with common as the fallback only when no tenant is supplied
  • add unit tests covering tenant-specific and fallback JWKS resolution

@dhcrees dhcrees requested review from Cullima and matthew2564 July 1, 2026 13:01

Copilot AI left a comment

Pull request overview

Updates JWT verification in @dvsa/appdev-api-common to resolve Microsoft Azure AD JWKS endpoints per tenant, instead of always using the common endpoint, and adds unit tests for tenant-specific vs fallback behavior.

Changes:

  • Derive the JWKS endpoint from the configured tenant ID (fallback to common when absent).
  • Cache a createRemoteJWKSet instance per tenant to avoid rebuilding fetchers.
  • Add Jest unit tests for tenant-specific and fallback JWKS resolution; bump package patch version.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| packages/appdev-common/src/auth/verify-jwt.ts | Adds tenant-derived JWKS URL selection and per-tenant caching for remote JWK sets. |
| packages/appdev-common/src/auth/__tests__/verify-jwt.spec.ts | Adds unit tests for tenant-specific vs common JWKS URL selection. |
| packages/appdev-common/package.json | Bumps package version to 2.0.2. |

Comment thread packages/appdev-common/src/auth/verify-jwt.ts
Comment thread packages/appdev-common/src/auth/__tests__/verify-jwt.spec.ts
@matthew2564

Looks fine but you'll need to run npm i inside the package folder in order to update the lock file version

@dhcrees dhcrees merged commit 7f42e16 into main Jul 2, 2026
4 checks passed
@dhcrees dhcrees deleted the fix/tenant-specific-jwks branch July 2, 2026 09:12
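
The resolution and caching behaviour described in this pull request, sketched as an added example; it is not the code merged here or taken from @dvsa/appdev-api-common. The function and class names, the GUID check on the tenant id, and the `/discovery/v2.0/keys` path are assumptions, and an injected factory stands in for `createRemoteJWKSet` so the block runs offline.

```typescript
// Added example; all names are hypothetical, not taken from @dvsa/appdev-api-common.
const AUTHORITY = "https://login.microsoftonline.com";
// Assumption: tenant ids are GUIDs. Anything else is rejected rather than
// interpolated into the URL path.
const TENANT_GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function jwksUrlForTenant(tenantId?: string): string {
  // Fall back to "common" only when no tenant is supplied, never on a bad value.
  if (tenantId === undefined) return `${AUTHORITY}/common/discovery/v2.0/keys`;
  if (!TENANT_GUID.test(tenantId)) throw new Error("tenant id is not a GUID");
  return `${AUTHORITY}/${tenantId.toLowerCase()}/discovery/v2.0/keys`;
}

// One remote JWK set per resolved URL. The factory is injected so the block
// runs offline; in a real verifier it would wrap createRemoteJWKSet.
class TenantJwksCache<T> {
  private readonly sets = new Map<string, T>();
  private readonly factory: (jwksUrl: string) => T;

  constructor(factory: (jwksUrl: string) => T) {
    this.factory = factory;
  }

  get(tenantId?: string): T {
    const url = jwksUrlForTenant(tenantId); // throws before the cache is touched
    let set = this.sets.get(url);
    if (set === undefined) {
      set = this.factory(url);
      this.sets.set(url, set);
    }
    return set;
  }
}

function demo(): { built: string[]; sameInstance: boolean } {
  const built: string[] = []; // URLs the stub factory was asked to build
  const cache = new TenantJwksCache((url) => {
    built.push(url);
    return { url };
  });
  const tenant = "0a1b2c3d-1111-2222-3333-444455556666"; // constructed sample id
  const first = cache.get(tenant);
  const second = cache.get(tenant.toUpperCase()); // same tenant, different case
  cache.get(); // no tenant supplied: common endpoint
  return { built, sameInstance: first === second };
}
```

Keying the cache on the resolved URL means case variants of one tenant id share a single JWK set, and an invalid tenant id fails closed instead of silently using the common endpoint.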
5 participants