The Wordpress Proxy Auth Plugin helps developers/DevOps/admins easily implement authentication and authorization for WordPress by using a JWT token provided by a reverse proxy.
I was wondering if its possible to make the implementation of this plugin more generic by adding the following features:
Allow the HTTP header holding the JWT to be configurable (leaving the default as-is so existing users are not affected)
Add the ability to verify the signature of the JWT from a configured JWK URL instead of via a shared key
The PHP library used to validate JWT's supports using JWKS so this should (in theory) be a couple extra configuration options plus some conditional logic to decode the JWT via the secret key or the provided JWKS (depending on what was specified).
If this is something that has the potential to be looked at please let me know as I would like to help if I can.