ericchiang
commented
4 months ago The algorithms should already be detected through the id_token_signing_alg_values_supported key in discovery.
https://github.com/coreos/go-oidc/blob/22dfdcabd450013b4d51ac15b6423f529d957e9f/oidc/oidc.go#L138 https://github.com/coreos/go-oidc/blob/22dfdcabd450013b4d51ac15b6423f529d957e9f/oidc/oidc.go#L242-L255 https://github.com/coreos/go-oidc/blob/22dfdcabd450013b4d51ac15b6423f529d957e9f/oidc/verify.go#L138-L144
What provider are you attempting to use this with? Do you have their discovery doc?
AdriDevelopsThings
I'm trying to verify a oidc token but I get the following error:
id token signed with unsupported algorithm, expected [\"RS256\"] got \"ES256\". The openid-configurations keyid_token_signing_alg_values_supportedis["ES256"]. The library should automatically recognize the algorithm.go-oicdversion: v2.2.1Context: I'm using
traefik-forward-authwhat is using this library. They verify the token here: https://github.com/thomseddon/traefik-forward-auth/blob/master/internal/provider/oidc.go#L88. I'm not sure if the bug is intraefik-forward-author ingo-oidcbut I guess you can see the problem faster.I already found this issue but
traefik-forward-authusesVerifierinstead ofNewVerifier. There is someone attraefik-forward-authwho has the same problem than me (https://github.com/thomseddon/traefik-forward-auth/issues/358) but the supported algorithms should be recognized by this library automatically instead of adding them manually I guess.