Closed sberyozkin closed 2 years ago
@rdebusscher Hi Rudy, we can definitely do it in a follow-up major release if you or someone else finds it practically necessary (and similarly for the existing verification algorithm property). I just think right now that the proper solution is a multi-tenancy configuration. A situation where we have a list of supported algorithms, while only supporting a single issuer, does appear to be not very realistic for a given endpoint. Thanks
Fixes #289.
See #289 for all the details and specifically this comment. In summary, an mp.jwt.decrypt.key.algorithm is introduced to prepare a transition to RSA-OAEP-256 becoming a default algorithm used to decrypt the content encryption key. RSA-OAEP remains a default algorithm in 2.1. RSA-OAEP-256 will become a new default in the next major release. mp.jwt.decrypt.key.algorithm might become a list property too.
CC @teddyjtorres @rdebusscher