Problem
Customers building with languages/frameworks not covered by Scalekit SDKs (e.g. Ruby on Rails) need to implement OIDC token validation themselves. There is no guide covering the key endpoints and algorithm required.
Customer question (from support, Pylon #603):
We're implementing validation for the OIDC id_token using our own client (Ruby on Rails). Could you confirm: expected format of issuer, correct jwks_uri, and that RS256 is the intended signing algorithm?
Support team answered:
- Issuer: your environment URL
- JWKS URL: {env_url}/keys
- Signing algorithm: RS256
Expected fix
Add a section or dedicated page for OIDC token validation for custom/non-SDK implementations. Should cover:
- Fetching OpenID configuration from {env_url}/.well-known/openid-configuration
- Extracting issuer (= environment URL) and jwks_uri (= {env_url}/keys)
- Verifying id_token using RS256 with checks for iss, aud, and exp
- Standard validation flow: GET {env}/.well-known/openid-configuration → extract issuer + jwks_uri → GET JWKS → verify JWT
This could live on the SSO token validation guide or as a standalone reference for non-SDK implementors.
Source
Pylon conversation #603
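
The validation flow requested above, sketched in Ruby using only the standard library. This is an added example, not Scalekit code and not part of the original issue. The helper names, the sample issuer, client ID and key ID are assumptions, and `sample_idp` builds a constructed throwaway key and token so the checks run offline.

```ruby
require 'json'
require 'net/http'
require 'openssl'

# Added example, not Scalekit code; helper names and sample values are assumptions.
def b64u_decode(str)
  (str + '=' * ((4 - str.size % 4) % 4)).tr('-_', '+/').unpack1('m0')
end

def b64u_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Discovery (network): returns [issuer, parsed JWKS]. Not used by the offline sample.
def discover(env_url)
  conf = JSON.parse(Net::HTTP.get(URI("#{env_url}/.well-known/openid-configuration")))
  raise ArgumentError, 'issuer mismatch' unless conf['issuer'] == env_url
  [conf['issuer'], JSON.parse(Net::HTTP.get(URI(conf.fetch('jwks_uri'))))]
end

# Build the RSA public key from a JWK's n and e via PKCS#1 DER.
def rsa_from_jwk(jwk)
  ints = %w[n e].map { |k| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64u_decode(jwk.fetch(k)), 2)) }
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(ints).to_der)
end

# Returns the claims hash, or raises ArgumentError on any failed check.
def verify_id_token(token, jwks:, issuer:, audience:, now: Time.now.to_i)
  raise ArgumentError, 'malformed token' unless token.count('.') == 2
  head, body, sig = token.split('.', -1)
  header = JSON.parse(b64u_decode(head))
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'RS256' # pin, never negotiate
  jwk = jwks.fetch('keys').find { |k| k['kty'] == 'RSA' && k['kid'] == header['kid'] }
  raise ArgumentError, 'unknown kid' unless jwk
  valid = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new('SHA256'), b64u_decode(sig), "#{head}.#{body}")
  raise ArgumentError, 'bad signature' unless valid
  claims = JSON.parse(b64u_decode(body))
  raise ArgumentError, 'iss mismatch' unless claims['iss'] == issuer
  raise ArgumentError, 'aud mismatch' unless Array(claims['aud']).include?(audience)
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Numeric) && claims['exp'] > now
  claims
end

# Constructed sample standing in for the IdP: throwaway key, its JWKS, a signed token.
def sample_idp(claims, kid: 'demo-key')
  key = OpenSSL::PKey::RSA.new(2048)
  jwk = { 'kty' => 'RSA', 'kid' => kid, 'n' => b64u_encode(key.n.to_s(2)), 'e' => b64u_encode(key.e.to_s(2)) }
  signed = [{ 'alg' => 'RS256', 'kid' => kid }, claims].map { |part| b64u_encode(JSON.generate(part)) }.join('.')
  [{ 'keys' => [jwk] }, "#{signed}.#{b64u_encode(key.sign(OpenSSL::Digest.new('SHA256'), signed))}"]
end
```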