Either support ES512 or provide a P-256 key in `static/certs/oidc-v2-rp-secret.json`

opengovsg / mockpass

A mock SingPass/CorpPass/MyInfo server for dev purposes

https://blog.data.gov.sg/mockpass-a-mock-singpass-corppass-server-for-testing-in-development-a583193c898c

MIT License

83 stars 82 forks source link

Either support ES512 or provide a P-256 key in `static/certs/oidc-v2-rp-secret.json` #665

Open muhammadnizami opened 3 months ago

muhammadnizami commented 3 months ago

When trying to access GET /corppass/v2/authorize I'm using one of the keys given in static/certs/oidc-v2-rp-secret.json. The signing JWK given there uses ES512 algorithm and P-512 curve. The problem is, if I use that, I get this error from GET /corppass/v2/authorize/ endpoint: The client_assertion alg ES512 does not meet required token_endpoint_auth_signing_alg_values_supported [ 'ES256' ]

cflee commented 3 months ago

@muhammadnizami Could you confirm if that cited line is an error or a warning? This report seems similar to #654, and the issue reporter there said that that it was a warning

cflee commented 3 months ago

But either way, yes, it probably makes sense to provide an static key that works with ES256 for the convenience of users not running mockpass with their own JWKS endpoint