
Remove alg parameter as required for OPENID_CONNECT Authorization

Open joshjones95 opened this issue 3 years ago • 2 comments

Looking at the standards for JSON Web Keys, the alg parameter is determined to be optional (https://datatracker.ietf.org/doc/html/rfc7517#section-4.4). However, it is required as part of AppSync's specification (https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html#openid-connect-authorization).

This is currently blocking Authorization for IdPs such as Azure AD and Azure AD B2C, which provide kty and kid as part of their JWKS_URI.

joshjones95 avatar Jan 07 '22 14:01 joshjones95
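The mismatch the issue describes, shown in code as an added example (not AppSync's, Azure AD's, or the reporter's code): a JWKS whose keys carry `kty` and `kid` but no `alg`, validated once the way RFC 7517 allows and once with the stricter "alg is required" rule, plus key selection that still works for an alg-less key by falling back to the key type's algorithm family. The JWKS and token are constructed, and the RSA-to-RS256 default used when a key has no `alg` is this example's own assumption.

```python
"""JWKS handling that treats the JWK "alg" member as optional, as RFC 7517
section 4.4 specifies.  Added example, not AppSync's or Azure AD's code; the
JWKS and token below are constructed, and the RSA-to-RS256 default is an
assumption this example makes when a key carries no "alg"."""
import base64
import json
from typing import List, Optional

# Constructed JWKS in the shape the issue describes: kty and kid present, no alg.
SAMPLE_JWKS = json.dumps({
    "keys": [
        {"kty": "RSA", "use": "sig", "kid": "key-1", "n": "AQAB", "e": "AQAB"},
        {"kty": "EC", "use": "sig", "kid": "key-2", "crv": "P-256",
         "x": "AQAB", "y": "AQAB"},
    ]
})

# Signature algorithms each key type may legitimately use (RFC 7518 section 3.1).
ALG_FAMILIES = {
    "RSA": {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"},
    "EC": {"ES256", "ES384", "ES512"},
}
EC_ALG_BY_CRV = {"P-256": "ES256", "P-384": "ES384", "P-521": "ES512"}


def validate_jwks(document: str, require_alg: bool = False) -> List[str]:
    """Return the problems found; an empty list means the JWKS is usable.

    require_alg=True models the stricter behaviour the issue reports, where a
    key without "alg" is rejected even though the RFC makes it optional."""
    problems = []
    keys = json.loads(document).get("keys")
    if not isinstance(keys, list):
        return ['JWKS must contain a "keys" array']
    for jwk in keys:
        label = jwk.get("kid", "<no kid>")
        if "kty" not in jwk:  # kty is the only REQUIRED member (RFC 7517 s4.1)
            problems.append(f"{label}: missing required member kty")
        if require_alg and "alg" not in jwk:
            problems.append(f"{label}: missing alg")
    return problems


def effective_alg(jwk: dict) -> Optional[str]:
    """Algorithm to verify with: the key's own alg if present, otherwise one
    inferred from kty/crv (RSA -> RS256 is this example's assumed default)."""
    if "alg" in jwk:
        return jwk["alg"]
    if jwk.get("kty") == "RSA":
        return "RS256"
    if jwk.get("kty") == "EC":
        return EC_ALG_BY_CRV.get(jwk.get("crv"))
    return None


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_token(header: dict) -> str:
    """Build a constructed token (header.payload.signature) for the demo; the
    signature segment is a placeholder and is never verified here."""
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(b'{"sub":"demo"}'), "sig"])


def select_key(document: str, token: str) -> dict:
    """Pick the JWKS key matching the token header's kid and check that the
    header's alg is one the key may use.  Raises ValueError otherwise."""
    header = json.loads(_b64url_decode(token.split(".")[0]))
    keys = {k.get("kid"): k for k in json.loads(document)["keys"]}
    jwk = keys.get(header.get("kid"))
    if jwk is None:
        raise ValueError(f"no key with kid {header.get('kid')!r}")
    # With alg on the key, header and key must agree; without it, fall back to
    # the key type's algorithm family so an alg-less key is still usable.
    allowed = {jwk["alg"]} if "alg" in jwk else ALG_FAMILIES.get(jwk.get("kty"), set())
    if header.get("alg") not in allowed:
        raise ValueError(f"alg {header.get('alg')!r} not allowed for kid {jwk.get('kid')!r}")
    return jwk


if __name__ == "__main__":
    print("lenient:", validate_jwks(SAMPLE_JWKS))
    print("strict: ", validate_jwks(SAMPLE_JWKS, require_alg=True))
    tok = make_unsigned_token({"alg": "RS256", "kid": "key-1", "typ": "JWT"})
    print("selected:", select_key(SAMPLE_JWKS, tok)["kid"])
```

Note that the header `alg` is still checked against the key type even when the key itself carries no `alg`: an alg-less JWK must not be read as "any algorithm is fine", only as "the key does not pin one".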

Nothing on this?

maxblu avatar Jul 29 '22 16:07 maxblu

AppSync works well now with Azure AD; the only thing is that the issuer URL must be https://login.microsoftonline.com/{tenan-id}/v2.0 and the token to send must be the id_token.

maxblu avatar Jul 29 '22 17:07 maxblu

Hello, we have made changes that make the alg parameter optional. Please feel free to open a new issue if you are still having a similar issue.

yashpatel6892 avatar Aug 31 '22 22:08 yashpatel6892