Merge pull request #637 from govuk-one-login/OLH-3836-stub-jwks-json

OLH-3836: Add /.well-known/jwks.json stub route

Author: danacotoran

src/amc/amc-routes.ts

@@ -1,4 +1,6 @@
 import { APIGatewayProxyEvent } from "aws-lambda";
+import { generateJwks } from "./utils/generate-jwks";
+
 
 export const handler = async (event: APIGatewayProxyEvent) => {
   if (event.path === "/status") {
@@ -8,6 +10,17 @@ export const handler = async (event: APIGatewayProxyEvent) => {
     };
   }
 
+  if (event.path === "/.well-known/jwks.json" && event.httpMethod === "GET") {
+    const jwks = await generateJwks();
+    return {
+      statusCode: 200,
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify(jwks),
+    };
+  }
+
   return {
     statusCode: 404,
     body: JSON.stringify({ error: "Not Found" }),

src/amc/utils/generate-jwks.ts

@@ -0,0 +1,27 @@
+import * as jose from "jose";
+import { randomUUID } from "node:crypto";
+
+let cachedJWK: unknown | null = null;
+
+export async function generateJwks() {
+  if (cachedJWK) {
+    return cachedJWK;
+  }
+
+  const { publicKey } = await jose.generateKeyPair("RSA-OAEP-256");
+
+  const publicJwk = await jose.exportJWK(publicKey);
+
+  cachedJWK = {
+    keys: [
+      {
+        ...publicJwk,
+        kid: randomUUID(),
+        alg: "RSA-OAEP-256",
+        use: "enc",
+      },
+    ],
+  };
+
+  return cachedJWK;
+}

template.yaml

@@ -1380,6 +1380,13 @@ Resources:
             Method: GET
             RestApiId:
               Ref: AmcStubsRestApi
+        jwks:
+          Type: Api
+          Properties:
+            Path: /.well-known/jwks.json
+            Method: GET
+            RestApiId:
+              Ref: AmcStubsRestApi
       VpcConfig:
         SubnetIds:
           - Fn::ImportValue: !Sub ${VpcStackName}-PrivateSubnetIdA