Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hello. Is there a configuration pattern used for Hydra and Oathkeeper to share JWKS keys? I would like to have a single well-known jwks endpoint for the hydra-kratos-oathkeeper stack. We are using the ory/k8s helm charts, and there seems to be a parameter in the Oathkeeper chart to set `mutatorIdTokenJWKs`  , however I don't know how I would point that at the hydra JWKs. Using the hydra jwks well-known endpoint won't work as it only contains the public keys (not those used for signing). Is there a pattern to share the private keys between Hydra and Oathkeeper in kubernetes, or am I better off trying to use a remote_json handler to try and get the id_token from Hydra manually?