💡👌 Add a link to RFC for ID token validation. Remove a comment about …

…supporting only RS256.
jwojnowski · Nov 5, 2023 · a7a914a · a7a914a
1 parent 34cf81f
commit a7a914a
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 1 deletion.
diff --git a/core/src/main/scala/me/wojnowski/oidc4s/Algorithm.scala b/core/src/main/scala/me/wojnowski/oidc4s/Algorithm.scala
@@ -6,7 +6,6 @@ import cats.implicits._
 
 sealed abstract class Algorithm(val name: String, val fullName: String) extends Product with Serializable
 
-// According to OIDC RFC, only RS256 should be supported
 object Algorithm {
   case object Rs256 extends Algorithm(name = "RS256", fullName = "SHA256withRSA")
   case object Rs384 extends Algorithm(name = "RS384", fullName = "SHA384withRSA")

diff --git a/core/src/main/scala/me/wojnowski/oidc4s/IdTokenVerifier.scala b/core/src/main/scala/me/wojnowski/oidc4s/IdTokenVerifier.scala
@@ -125,6 +125,7 @@ object IdTokenVerifier {
             UnsupportedAlgorithm.fromRawError(rawError).getOrElse(CouldNotDecodeHeader(rawError))
           }
 
+      // RFC: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDTValidation
       private def decodeJwtAndVerifySignature[A: ClaimsDecoder](rawToken: String, key: PublicKey, header: JoseHeader)
         : Either[Error, (A, IdTokenClaims)] =
         rawToken.split('.') match {