Cbox ID JWKS Auth
A JWKS-only validator and Laravel middleware for resource servers consuming Cbox ID-issued tokens. Caches the JWKS aggressively, validates JWTs locally, and tolerates ID being down via a grace window.
Cbox ID JWKS Auth is the resource-server half of service auth: a JWKS-only validator and Laravel middleware for apps consuming Cbox ID-issued JWTs. High-volume gateways cannot afford a round-trip to the identity server on every request, so it caches the JWKS aggressively, validates tokens locally, and keeps serving from the last good key set for up to 24 hours if a fetch fails.
Validate Locally
JWKS-only validation
Validates ID-issued JWTs against the published key set, with no per-request call back to the identity server.
Aggressive caching
The JWKS is cached and refreshed on a TTL, so validation stays in-process and fast even under heavy traffic.
Tolerates ID downtime
A configurable grace window keeps the last good JWKS serving up to 24 hours after a fetch failure, so an ID blip does not take your gateway down.
Laravel middleware
Auto-discovered service provider and middleware. Configure the issuer, JWKS URI and audience and protect a route.
Pair with Cbox ID Tokens
This package validates incoming tokens. When an app also needs to mint ID-issued tokens to call other services, pair it with cboxdk/cbox-id-tokens. Revocation is not honoured by JWKS-only validation; the short access-token TTL is the mitigation.