zitadel / oidc

Easy to use OpenID Connect client and server library written for Go and certified by the OpenID Foundation
https://zitadel.com
Apache License 2.0

I want to increase the defaults for signature algorithm. #605

Closed nannany closed 3 months ago

nannany commented 4 months ago

Preflight Checklist

Describe your problem

I am using zitadel/oidc to create an OpenID Provider. I believe the library intends that the VerifyJWTAssertion function is called when client authentication is done with private_key_jwt. However, this function currently only supports RS256 since the supportedSigAlgs argument is nil when executing the CheckSignature function. Therefore I would like to sign with ES256, which is not possible.

Describe your ideal solution

Since the FAPI states that PS256 or ES256 is recommended, why not support PS256 or ES256 if it is not specified here as well?

Version

v3.22.1

Environment

Self-hosted

Additional Context

No response

hifabienne commented 3 months ago

I think this is a duplicate of the following issue? https://github.com/zitadel/oidc/issues/259 @muhlemmer @livio-a, am I right? In that case I would close the issue here, to avoid duplicates.

muhlemmer commented 3 months ago

closed by https://github.com/zitadel/oidc/pull/606