fabienne
ZITADEL, 14mo ago

Web Keys - Beta Feature

Web Keys are used to verify and sign JWT tokens in the OIDC standard. Listening to the feedback of the community, we have changed the handling of web keys. Previously they were automatically generated by Zitadel once the first token had been created and rotated automatically afterwards. This caused problems for some providers as the key's endpoint did not return any key till that point.
With the new implementation you can manage the keys yourself, which also gives you the ability to rotate them at your convenience.

You can find the full documentation here: https://zitadel.com/docs/guides/integrate/login/oidc/webkeys

Testing Period: till 31. March 2025
Testing Objectives:
- Did you have any problems with the configuration?
- Did you encounter problems or bugs?
- Any objections to not fully migrating to the new implementation and keeping the old handling of web keys?
How to test:
- Enable the feature flag for webKey https://zitadel.com/docs/apis/resources/feature_service_v2/feature-service-set-instance-features
- The first two keys are created automatically by Zitadel
- After that you can manage the keys yourself: https://zitadel.com/docs/guides/integrate/login/oidc/webkeys#web-key-management
Known Bugs / Limitations:
- Only implemented for Instances, Organizations and Milestones at the moment.
- Zitadel as generic OIDC IdP doesn’t work at the moment, as it can’t handle the new implementation.

Test the web keys and add improvement or bug reports directly to the GitHub repository or let us know your general feedback below!
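
The failure mode described in the post (a keys endpoint that returns no key) and a `kid` that no longer resolves after a rotation can both be checked from the relying-party side. This is an added example, not part of the original post or ZITADEL's code; the key sets and `kid` values are constructed and the function names are hypothetical.

```python
import json

# Constructed sample key sets (not real ZITADEL output); key material is dummy.
EMPTY_JWKS = '{"keys": []}'
ROTATING_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": "key-active", "n": "AQAB", "e": "AQAB"},
    {"kty": "EC", "use": "sig", "alg": "ES256", "kid": "key-next", "crv": "P-256", "x": "AA", "y": "AA"},
    {"kty": "RSA", "use": "enc", "kid": "key-enc", "n": "AQAB", "e": "AQAB"},
]})

# Public members each JWK key type must carry (RFC 7518, RFC 8037).
REQUIRED = {"RSA": ("n", "e"), "EC": ("crv", "x", "y"), "OKP": ("crv", "x")}

def usable_signing_keys(jwks_text):
    """Return ({kid: jwk}, findings) for keys usable to verify signatures."""
    keys, findings = {}, []
    for jwk in json.loads(jwks_text).get("keys", []):
        kid = jwk.get("kid")
        if jwk.get("use", "sig") != "sig":      # "use" is optional; skip enc keys
            continue
        members = REQUIRED.get(jwk.get("kty"))
        if members is None or any(m not in jwk for m in members):
            findings.append(f"key {kid!r}: unsupported or incomplete")
        elif not kid:
            findings.append("signing key without kid")
        elif kid in keys:
            findings.append(f"duplicate kid {kid!r}")
        else:
            keys[kid] = jwk
    return keys, findings

def check_jwks(jwks_text, token_kid=None):
    """Return a list of problems; an empty list means the key set is usable."""
    keys, findings = usable_signing_keys(jwks_text)
    if not keys:
        findings.append("no usable signing key published")
    elif token_kid is not None and token_kid not in keys:
        findings.append(f"kid {token_kid!r} not in published key set")
    return findings

if __name__ == "__main__":
    print(check_jwks(EMPTY_JWKS))
    print(check_jwks(ROTATING_JWKS, token_kid="key-active"))
    print(check_jwks(ROTATING_JWKS, token_kid="key-retired"))
```
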