
No option to specify token signing algorithm, e.g. RS256 or PS256

Open strehle opened this issue 2 years ago • 1 comment

What version of UAA are you running?

What output do you see from curl <YOUR_UAA>/info -H'Accept: application/json'?

75.16.0 or develop

How are you deploying the UAA?

I am deploying the UAA

  • locally only using Gradle

What did you do?

Set up UAA with an asymmetric key in order to create FAPI-compliant tokens, e.g. https://openid.net/specs/openid-financial-api-part-2-wd-02.html

The signing algorithm is automatically set to RS256. Issue #1280 has shown that UAA has no option to specify the signing algorithm; instead it is calculated based on the provided key. This approach works for symmetric and asymmetric keys (RSA and/or ECDSA) because of the different PEM headers, but RS256 and PS256 both use an RSA key. An option is also missing for increasing the hash algorithm to RS512.

FAPI restricts JWT signing to PS256 and ES256, e.g. https://openid.net/specs/openid-financial-api-part-2-wd-02.html#jws-algorithm-considerations, so UAA cannot fulfill this right now.

What did you expect to see? What goal are you trying to achieve with the UAA?

An option in the YAML configuration to specify the signing key algorithm.

What did you see instead?

Default usage of RS256 in the case of RSA keys, but no support for PS256; see more details in https://github.com/cloudfoundry/uaa/pull/1813. Even there no PS256 support is given.

strehle avatar Mar 23 '22 08:03 strehle
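As an added illustration (not UAA code and not from the issue author), the Go program below signs with one RSA key under either RS256 or PS256 by taking `alg` as an explicit parameter, which is exactly the choice that inferring the algorithm from the PEM key type cannot make, and then verifies against an allow-list the way a FAPI-style consumer would. The function names, the throwaway key and the claim values are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding                                     // JWS base64url, no padding
var pss = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash} // PS256 salt length per RFC 7518
// NewKey returns a throwaway 2048-bit RSA key; one such key serves RS256 and PS256 alike.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
// Sign builds a compact JWS under alg; the key type alone cannot tell a signer which padding to use.
func Sign(key *rsa.PrivateKey, alg string, claims map[string]string) (tok string, err error) {
	h, _ := json.Marshal(map[string]string{"alg": alg, "typ": "JWT"})
	p, _ := json.Marshal(claims)
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	d := sha256.Sum256([]byte(input))
	var sig []byte
	if alg == "PS256" { // RSASSA-PSS with SHA-256
		sig, err = rsa.SignPSS(rand.Reader, key, crypto.SHA256, d[:], pss)
	} else if alg == "RS256" { // RSASSA-PKCS1-v1_5 with SHA-256
		sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:])
	} else {
		return "", fmt.Errorf("unsupported alg %q", alg)
	}
	return input + "." + b64.EncodeToString(sig), err // tok is meaningless when err != nil
}

// Verify rejects any header alg outside allowed (a FAPI verifier lists PS256 and ES256,
// never RS256) and checks the signature with that alg's padding; other algs fail closed.
func Verify(pub *rsa.PublicKey, token string, allowed map[string]bool) (string, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg string `json:"alg"` }
	if len(parts) != 3 || json.NewDecoder(base64.NewDecoder(b64,
		strings.NewReader(parts[0]))).Decode(&hdr) != nil || !allowed[hdr.Alg] {
		return "", fmt.Errorf("token rejected, alg %q", hdr.Alg)
	}
	sig, _ := b64.DecodeString(parts[2])
	d := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if hdr.Alg == "PS256" {
		return hdr.Alg, rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, pss)
	}
	return hdr.Alg, rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig)
}
```

A PS256-only policy accepts the PSS-signed token and rejects the PKCS#1 v1.5 one from the very same key, so without an explicit algorithm setting an issuer can never satisfy that policy.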

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/181650671

The labels on this GitHub issue will be updated when the story is started.

cf-gitbot avatar Mar 23 '22 08:03 cf-gitbot