Encryption-Key not optional, bug or feature?

[ricwein]

While trying to integrate a keycloak authentication flow into a symfony application I stumbled about this great library. Sadly I can't get it to work for this usecase.

The Keycloak setup in question doesn't use a key, except the client id+secret for authentication. But this libs Configuration Extension validates, that either encryption_key or encryption_key_path are set in Configuration.php:36. In the base-Lib stevenmaguire/oauth2-keycloak the key-configs are correctly stated as optional.

Is this a bug in the configuration validation, or intended behavior?

---

Thanks and have a nice day, ricwein