Set IDTokenSigningAlgValuesSupported of DiscoveryConfiguration obtained by Discover when initializing RelyingParty. #574
Comments
Similar to #506 where duplicate calls are used for obtaining and setting PKCE config. I would want to propose a configuration option for the RP which will let it take the signing algorithms from the discovery call.

```go
// WithSigningAlgsFromDiscovery appends the [WithSupportedSigningAlgorithms] option to the Verifier Options.
// The algorithms returned in the `id_token_signing_alg_values_supported` from the discovery response will be set.
func WithSigningAlgsFromDiscovery()
```

We are open for a PR.
Thank you for your comment.
🎉 This issue has been resolved in version 3.22.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀
Preflight Checklist
Describe your problem
When IDTokenVerifier is executed on a RelyingParty created with NewRelyingPartyOIDC, only RS256 is supported.
CheckSignature is performed on VerifyIDToken, but only RS256 is supported because supportedSigAlgs is always set to 0.
To solve this, specify WithSupportedSigningAlgorithms in the options argument of NewRelyingPartyOIDC.
To determine the value of WithSupportedSigningAlgorithms, create a DiscoveryConfiguration using the Discover method and specify IDTokenSigningAlgValuesSupported.
It is inefficient to use the Discover method twice with NewRelyingPartyOIDC and WithSupportedSigningAlgorithms.
Describe your ideal solution
Add the following processing in NewRelyingPartyOIDC.
Version
v3.18.0
Additional Context
No response
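
The behaviour described in the issue above, as an added standard-library Go example (not code from the project or from the reporter): an algorithm allowlist that falls back to RS256 when nothing is configured, and the same allowlist derived from a single discovery response. The names `allowedAlgs` and `checkAlg` are hypothetical, and dropping `none` from the discovered list is an assumption of this example, not something the issue specifies.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// allowedAlgs (hypothetical helper, not the library API) builds the ID token
// alg allowlist from a discovery document; empty input falls back to RS256.
func allowedAlgs(discovery []byte) ([]string, error) {
	var doc struct{ Algs []string `json:"id_token_signing_alg_values_supported"` }
	if err := json.Unmarshal(discovery, &doc); err != nil {
		return nil, err
	}
	out := []string{}
	for _, a := range doc.Algs {
		if a != "" && !strings.EqualFold(a, "none") { // assumption: never trust "none"
			out = append(out, a)
		}
	}
	if len(out) == 0 {
		out = []string{"RS256"}
	}
	return out, nil
}

// checkAlg runs before signature verification and rejects a compact JWS whose header alg is off the allowlist.
func checkAlg(token string, allowed []string) error {
	if strings.Count(token, ".") != 2 {
		return fmt.Errorf("not a compact JWS")
	}
	var h struct{ Alg string `json:"alg"` }
	dec := base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(token[:strings.Index(token, ".")]))
	if err := json.NewDecoder(dec).Decode(&h); err != nil {
		return err
	}
	for _, a := range allowed {
		if a == h.Alg {
			return nil
		}
	}
	return fmt.Errorf("alg %q not in allowlist %v", h.Alg, allowed)
}

func main() {
	fmt.Println(allowedAlgs([]byte(`{"id_token_signing_alg_values_supported":["ES256","none"]}`))) // constructed input
}
```

With an empty allowlist source, an ES256-signed ID token is rejected at the `alg` gate, which is the symptom the reporter describes; feeding the discovery response into the same gate accepts it without a second discovery request.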