feat: "kid" support in JWT header and multiple keys. #392

merlin-northern
Contributor

Ticket: MEN-6804
Changelog: title

@mender-test-bot

@merlin-northern, Let me know if you want to start the integration pipeline by mentioning me and the command "start pipeline".


my commands and options

You can trigger a pipeline on multiple prs with:

  • mentioning me and start pipeline --pr mender/127 --pr mender-connect/255

You can start a fast pipeline, disabling full integration tests with:

  • mentioning me and start pipeline --fast

You can trigger GitHub->GitLab branch sync with:

  • mentioning me and sync

You can cherry pick to a given branch or branches with:

  • mentioning me and:
 cherry-pick to:
 * 1.0.x
 * 2.0.x

merlin-northern changed the title from [work-in-progress] feat: "kid" support in JWT header and multiple keys. to feat: "kid" support in JWT header and multiple keys. on Nov 17, 2023
merlin-northern force-pushed the men_6804_key_rotation_support branch 9 times, most recently from fff601c to fcfc84f, on November 17, 2023 12:28
@merlin-northern
Contributor Author

@mender-test-bot start pipeline please honey

@mender-test-bot

Hello 😸 I created a pipeline for you here: Pipeline-1076295007

Build Configuration Matrix

Key Value
AUDITLOGS_REV master
BUILD_CLIENT false
CREATE_ARTIFACT_WORKER_REV master
DEPLOYMENTS_ENTERPRISE_REV master
DEPLOYMENTS_REV master
DEVICEAUTH_ENTERPRISE_REV master
DEVICEAUTH_REV master
DEVICECONFIG_REV master
DEVICECONNECT_REV master
DEVICEMONITOR_REV master
GENERATE_DELTA_WORKER_REV master
GUI_REV master
INTEGRATION_REV master
INVENTORY_ENTERPRISE_REV master
INVENTORY_REV master
IOT_MANAGER_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV master
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
MTLS_AMBASSADOR_REV master
RUN_BACKEND_INTEGRATION_TESTS true
RUN_INTEGRATION_TESTS true
TENANTADM_REV master
USERADM_ENTERPRISE_REV master
USERADM_REV pull/392/head
WORKFLOWS_ENTERPRISE_REV master
WORKFLOWS_REV master

authz/middleware.go (outdated, resolved)
jwt/jwt_ed25519.go (outdated, resolved)
jwt/jwt_rsa.go (outdated, resolved)
server.go (outdated, resolved)
user/useradm.go (outdated, resolved)
jwt/token.go (resolved)
Contributor

@alfrunes alfrunes left a comment

The title of the PR and the ticket description do not align.
Although I like the idea of adding support for JWK support in the backend, the ticket was actually about adding support for allowing tokens with no key signature. Probably the easiest way of achieving this is to set the alg header field to none if none of the private key configs are set.

@merlin-northern
Contributor Author

merlin-northern commented Nov 20, 2023

The title of the PR and the ticket description do not align. Although I like the idea of adding support for JWK support in the backend, the ticket was actually about adding support for allowing tokens with no key signature. Probably the easiest way of achieving this is to set the alg header field to none if none of the private key configs are set.

thanks. if you like it, I consider it a good sign :) and I have been down that road, the library we use will not allow to verify the token with alg none.
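
The behaviour discussed in this thread, as an added example that is not part of the pull request or useradm's code: a verifier holding several Ed25519 public keys selects one by the token's "kid" header and accepts only "EdDSA" as "alg", so an unsigned "alg": "none" token is refused before any key lookup. The names Sign and Verify, the key id "k-2024" and the seeded demo key are assumptions made for the illustration; only the Go standard library is used.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// Sign (an illustrative helper, not useradm's API) names the signing key in "kid".
func Sign(kid string, priv ed25519.PrivateKey, claims map[string]any) string {
	h, _ := json.Marshal(map[string]string{"alg": "EdDSA", "kid": kid})
	c, _ := json.Marshal(claims)
	in := b64.EncodeToString(h) + "." + b64.EncodeToString(c)
	return in + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(in)))
}

// Verify picks the public key named by "kid"; only "EdDSA" is accepted as alg.
func Verify(token string, keys map[string]ed25519.PublicKey) (map[string]any, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	raw, err := b64.DecodeString(p[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, fmt.Errorf("bad header")
	}
	if hdr.Alg != "EdDSA" { // "none" stops here, before any key is looked up
		return nil, fmt.Errorf("alg %q not allowed", hdr.Alg)
	}
	pub, known := keys[hdr.Kid]
	sig, err := b64.DecodeString(p[2])
	if !known || err != nil || !ed25519.Verify(pub, []byte(p[0]+"."+p[1]), sig) {
		return nil, fmt.Errorf("no trusted key verifies kid %q", hdr.Kid)
	}
	var claims map[string]any
	body, _ := b64.DecodeString(p[1])
	err = json.Unmarshal(body, &claims)
	return claims, err
}

func main() {
	k := ed25519.NewKeyFromSeed([]byte(strings.Repeat("a", 32))) // constructed key
	keys := map[string]ed25519.PublicKey{"k-2024": k.Public().(ed25519.PublicKey)}
	fmt.Println(Verify(Sign("k-2024", k, map[string]any{"sub": "u1"}), keys))
}
```

During a rotation the old and the new public key both sit in the map, so tokens issued under either "kid" keep verifying until the old entry is removed.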

@merlin-northern merlin-northern force-pushed the men_6804_key_rotation_support branch 2 times, most recently from ad687a3 to 949c990 Compare November 21, 2023 06:46
Contributor

@kjaskiewiczz kjaskiewiczz left a comment

looks good to me, but since it's not exactly what was requested in the ticket, I'd like to know the opinion of @alfrunes (the author of the ticket) before merging

@merlin-northern
Contributor Author

looks good to me, but since it's not exactly what was requested in the ticket, I'd like to know the opinion of @alfrunes (the author of the ticket) before merging

no worries, there is already an item added for tomorrow.

@merlin-northern
Contributor Author

@mender-test-bot start pipeline please honey

@mender-test-bot

Hello 😸 I created a pipeline for you here: Pipeline-1088486974

Build Configuration Matrix

Key Value
AUDITLOGS_REV master
BUILD_CLIENT false
CREATE_ARTIFACT_WORKER_REV master
DEPLOYMENTS_ENTERPRISE_REV master
DEPLOYMENTS_REV master
DEVICEAUTH_ENTERPRISE_REV master
DEVICEAUTH_REV master
DEVICECONFIG_REV master
DEVICECONNECT_REV master
DEVICEMONITOR_REV master
GENERATE_DELTA_WORKER_REV master
GUI_REV master
INTEGRATION_REV master
INVENTORY_ENTERPRISE_REV master
INVENTORY_REV master
IOT_MANAGER_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV master
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
MTLS_AMBASSADOR_REV master
RUN_BACKEND_INTEGRATION_TESTS true
RUN_INTEGRATION_TESTS true
TENANTADM_REV master
USERADM_ENTERPRISE_REV master
USERADM_REV pull/392/head
WORKFLOWS_ENTERPRISE_REV master
WORKFLOWS_REV master

rsa.in (outdated, resolved)
ed25519.in (outdated, resolved)
Ticket: MEN-6804
Changelog: title
Signed-off-by: Peter Grzybowski <[email protected]>
@mender-test-bot

mender-test-bot commented Nov 29, 2023

Merging these commits will result in the following changelog entries:

Changelogs

useradm (men_6804_key_rotation_support)

New changes in useradm since master:

Features
  • "kid" support in JWT header and multiple keys.
    (MEN-6804)

@merlin-northern
Contributor Author

@mender-test-bot start pipeline --fast please

@mender-test-bot

Hello 😸 I created a pipeline for you here: Pipeline-1089697069

Build Configuration Matrix

Key Value
AUDITLOGS_REV master
BUILD_CLIENT false
CREATE_ARTIFACT_WORKER_REV master
DEPLOYMENTS_ENTERPRISE_REV master
DEPLOYMENTS_REV master
DEVICEAUTH_ENTERPRISE_REV master
DEVICEAUTH_REV master
DEVICECONFIG_REV master
DEVICECONNECT_REV master
DEVICEMONITOR_REV master
GENERATE_DELTA_WORKER_REV master
GUI_REV master
INTEGRATION_REV master
INVENTORY_ENTERPRISE_REV master
INVENTORY_REV master
IOT_MANAGER_REV master
MENDER_ARTIFACT_REV master
MENDER_BINARY_DELTA_REV master
MENDER_CLI_REV master
MENDER_CONFIGURE_MODULE_REV master
MENDER_CONNECT_REV master
MENDER_CONVERT_REV master
MENDER_GATEWAY_REV master
MENDER_REV master
MENDER_SETUP_REV master
MENDER_SNAPSHOT_REV master
MONITOR_CLIENT_REV master
MTLS_AMBASSADOR_REV master
RUN_BACKEND_INTEGRATION_TESTS true
RUN_INTEGRATION_TESTS false
TENANTADM_REV master
USERADM_ENTERPRISE_REV master
USERADM_REV pull/392/head
WORKFLOWS_ENTERPRISE_REV master
WORKFLOWS_REV master

@merlin-northern merlin-northern merged commit e77736d into mendersoftware:master Nov 29, 2023
10 checks passed
@mender-test-bot

Hello 😸 This PR contains changelog entries. Please, verify the need of backporting it to the following release branches:
1.21.x (release 3.6.x)
1.18.x (release 3.3.x)
