Xabaril / AspNetCore.Diagnostics.HealthChecks

Enterprise HealthChecks for ASP.NET Core Diagnostics Package
Apache License 2.0
3.98k stars 771 forks

OpenIdConnectServer health check does not allow RS512 only signing algorithm #2175

Open m-gug opened 4 months ago

m-gug commented 4 months ago

What happened: The current implementation expects the OIDC provider to support RS256 as a signature algorithm.

What you expected to happen: It should also be allowed that the OIDC provider only supports RS512 and the health check still works.

How to reproduce it (as minimally and precisely as possible): Run the health check against an OIDC Provider that only supports RS512 as signing algorithm.

DanRogers99 commented 3 months ago

We also use another signing algorithm.

It would be good if we could override this property

https://github.com/Xabaril/AspNetCore.Diagnostics.HealthChecks/blob/73abc7a094f9ef625b83455898a21d22d2fa6a82/src/HealthChecks.OpenIdConnectServer/OidcConstants.cs#L23

m-gug commented 3 months ago

@DanRogers99 Yes, I agree. I added to my PR so that the algorithms can be specified as parameters.
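
The behaviour discussed in this thread, as an added example that is not the project's code and not the PR mentioned above: a discovery-document check whose accepted signing algorithms are supplied by the caller rather than fixed to RS256. The `DiscoveryCheck.Validate` helper, its "any accepted algorithm matches" rule, and the sample documents are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;

// Constructed discovery documents, not captured from a real provider.
var rs256Provider = @"{""id_token_signing_alg_values_supported"":[""RS256"",""ES256""]}";
var rs512Provider = @"{""id_token_signing_alg_values_supported"":[""RS512""]}";
var missingField = @"{""issuer"":""https://idp.example""}";

var defaults = new[] { "RS256" }; // the fixed expectation reported in the issue
var rs512 = new[] { "RS512" };    // caller-supplied override

Report("RS256 provider, default", DiscoveryCheck.Validate(rs256Provider, defaults));
Report("RS512 provider, default", DiscoveryCheck.Validate(rs512Provider, defaults));
Report("RS512 provider, override", DiscoveryCheck.Validate(rs512Provider, rs512));
Report("missing field, override", DiscoveryCheck.Validate(missingField, rs512));

static void Report(string name, string? error) =>
    Console.WriteLine($"{name}: {(error is null ? "Healthy" : "Unhealthy - " + error)}");

// Hypothetical helper; the name and signature are assumptions for this example.
static class DiscoveryCheck
{
    const string Field = "id_token_signing_alg_values_supported";

    // Returns null when at least one accepted algorithm is advertised.
    public static string? Validate(string discoveryJson, IReadOnlyCollection<string> accepted)
    {
        // An override must not weaken the check: reject an empty list and "none".
        if (accepted.Count == 0 || accepted.Contains("none", StringComparer.OrdinalIgnoreCase))
            throw new ArgumentException("Accepted algorithms must be non-empty and exclude 'none'.");

        using var doc = JsonDocument.Parse(discoveryJson);
        if (!doc.RootElement.TryGetProperty(Field, out var algs) || algs.ValueKind != JsonValueKind.Array)
            return $"'{Field}' is missing or not an array";

        var advertised = algs.EnumerateArray()
            .Where(a => a.ValueKind == JsonValueKind.String)
            .Select(a => a.GetString()!)
            .ToList();

        // JWS "alg" values are case-sensitive, so compare ordinally.
        return advertised.Intersect(accepted, StringComparer.Ordinal).Any()
            ? null
            : $"provider advertises [{string.Join(", ", advertised)}], none of [{string.Join(", ", accepted)}]";
    }
}
```

Keeping the override an explicit allow-list means a provider that drops to an unexpected algorithm still turns the check unhealthy instead of passing silently.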