Closed yovasx2 closed 2 years ago
AS discovery does not determine the constructed client metadata defaults.
I cannot imagine the pain debugging a problem stemming from an AS updating its metadata and something defaulting to a different or no value - leading to breakage or unintended behaviours.
Configure your client instances with explicit values.
Got it, thx!
Describe the bug When I instantiate a client with and issuer using discovery with this URL: https://controller.sandbox.myoneid.co.uk/.well-known/openid-configuration
the client doesn't get the correct cipher algorithm (PS256):
To Reproduce Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
Steps to reproduce the behaviour:
unexpected JWT alg received, expected RS256, got: PS256
Expected behaviour The discovery must set PS256 instead of RS256 alg
Environment:
Additional context Add any other context about the problem here.