TimothyJones#14 - Fix for Autodiscovery issue

Placing the `jwks.json` endpoint under `/.well-known/` makes the whole
shim autodiscoverable by AWS Cognito

This is also the default location as per https://auth0.com/docs/jwks

Author: derjust

README.md

@@ -253,9 +253,7 @@ A full OpenID implementation would also include:
 
 **Known issues**
 
-If deployed via lambda, Cognito can't seem to use the discovery endpoint.
-However, the endpoints can be specified manually as described in the getting
-started instructions.
+none
 
 ## Extending
 

src/openid.js

@@ -92,7 +92,7 @@ const getConfigFor = host => ({
   userinfo_endpoint: `https://${host}/userinfo`,
   // check_session_iframe: 'https://server.example.com/connect/check_session',
   // end_session_endpoint: 'https://server.example.com/connect/end_session',
-  jwks_uri: `https://${host}/jwks.json`,
+  jwks_uri: `https://${host}/.well-known/jwks.json`,
   // registration_endpoint: 'https://server.example.com/connect/register',
   scopes_supported: ['openid', 'read:user', 'user:email'],
   response_types_supported: [

src/openid.test.js

@@ -155,7 +155,7 @@ describe('openid domain layer', () => {
           display_values_supported: ['page', 'popup'],
           id_token_signing_alg_values_supported: ['RS256'],
           issuer: 'https://not-a-real-host.com',
-          jwks_uri: 'https://not-a-real-host.com/jwks.json',
+          jwks_uri: 'https://not-a-real-host.com/.well-known/jwks.json',
           request_object_signing_alg_values_supported: ['none'],
           response_types_supported: [
             'code',

template.yml

@@ -89,7 +89,7 @@ Resources:
         GetResource:
           Type: Api
           Properties:
-            Path: /jwks.json
+            Path: /.well-known/jwks.json
             Method: get
 
 Outputs: