sberyozkin
commented
2 years ago @rdebusscher Hi Rudy, we can definitely do it in a follow up major release if you or someone else will find it practically necessary (and similarly for the existing verification algorithm property). I just think right now that the proper solution is a multi-tenancy configuration. Situation where we have a list of supported algorithms, while only supporting a single issuer, does appear to be not very realistic for a given endpoint. thanks
Fixes #289.
See #289 for all the details and specifically this comment. In summary, an
mp.jwt.decrypt.key.algorithmis introduced to prepare a transition toRSA-OAEP-256becoming a default algorithm used to decrypt the content encryption key.RSA-OAEPremains a default algorithm in 2.1.RSA-OAEP-256will become a new default in the next major release.mp.jwt.decrypt.key.algorithmmight become a list property too.CC @teddyjtorres @rdebusscher