[Feature]: enable manually configuring token signing algorithms
Motivation
Currently I get the error `[oauthproxy.go:881] Error redeeming code during OAuth2 callback: could not verify id_token: failed to verify token: oidc: id token signed with unsupported algorithm, expected ["RS256"] got "EdDSA"`. I suspect this is because I have turned skip_oidc_discovery off (i.e. true).
Possible solution
I would like to set the list of signing algorithms to use (it seems to default to RS256 as described in https://github.com/oauth2-proxy/oauth2-proxy/issues/1100).
I will look at providing a PR with a change for this if this is desired by the project.
Provider
oidc
I have experimented a bit, and created a WIP patch for this enhancement as a proof-of-concept that seems to work OK, as go-oidc has had EdDSA support (https://github.com/coreos/go-oidc/commit/cd52382a51eb12b4a95207a3e39cbab87d9469e1) for quite a few versions already. If this feature is acceptable, I can polish it and try to ready it for merging.
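The failure mode reported above, as an added example that is not part of the original issue and is not oauth2-proxy or go-oidc code: a verifier that pins the JWS `alg` header to an allow-list rejects an EdDSA-signed ID token when the list falls back to RS256, and accepts it once the list is set explicitly. `verifyIDToken` and `sampleToken` are hypothetical names, the RS256 fallback is modelled on the error message in the issue, and the token and key are constructed from an all-zero test seed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// verifyIDToken (hypothetical) rejects a JWS whose "alg" header is not in the
// allow-list, then checks the signature. An empty list falls back to RS256.
func verifyIDToken(token string, supported []string, pub ed25519.PublicKey) error {
	if len(supported) == 0 {
		supported = []string{"RS256"}
	}
	parts := strings.Split(token, ".")
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct{ Alg string `json:"alg"` }
	if len(parts) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil {
		return fmt.Errorf("malformed JWS")
	}
	allowed := false
	for _, a := range supported {
		allowed = allowed || a == hdr.Alg
	}
	if !allowed {
		return fmt.Errorf("id token signed with unsupported algorithm, expected %q got %q", supported, hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || hdr.Alg != "EdDSA" || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return fmt.Errorf("signature verification failed") // only an Ed25519 key is held here
	}
	return nil
}

// sampleToken builds a constructed EdDSA-signed token from an all-zero test seed.
func sampleToken() (string, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	enc := base64.RawURLEncoding.EncodeToString
	signed := enc([]byte(`{"alg":"EdDSA"}`)) + "." + enc([]byte(`{"sub":"demo"}`))
	return signed + "." + enc(ed25519.Sign(priv, []byte(signed))), priv.Public().(ed25519.PublicKey)
}

func main() {
	tok, pub := sampleToken()
	fmt.Println(verifyIDToken(tok, nil, pub))                        // default list: rejected
	fmt.Println(verifyIDToken(tok, []string{"RS256", "EdDSA"}, pub)) // explicit list: <nil>
}
```

In go-oidc the corresponding setting is the `SupportedSigningAlgs` field of `oidc.Config`; keeping that list as short as the identity provider allows preserves the allow-list's value as a guard against unexpected algorithms.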
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
@andoks sorry for the long wait. Feel free to open the PR
@tuunit: have pushed a PR, #2851 - if you can have a look and see if this seems to be the right direction, and maybe point out where to add docs and new-style config changes, that would be great :+1:
This issue has been inactive for 180 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 14 days, the issue will be marked closed.
Unstale
@tuunit: it has been a while, but I think the patch is still relevant. If the approach is good, I can rebase if necessary and prepare it for merging.
This issue has been inactive for 180 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 14 days, the issue will be marked closed.
This is still relevant