mockpass icon indicating copy to clipboard operation
mockpass copied to clipboard
Published 1 month ago verified publisher icon opengovsg

Either support ES512 or provide a P-256 key in `static/certs/oidc-v2-rp-secret.json`

Open muhammadnizami opened this issue 1 year ago • 2 comments

When trying to access GET /corppass/v2/authorize I'm using one of the keys given in static/certs/oidc-v2-rp-secret.json. The signing JWK given there uses ES512 algorithm and P-512 curve. The problem is, if I use that, I get this error from GET /corppass/v2/authorize/ endpoint: The client_assertion alg ES512 does not meet required token_endpoint_auth_signing_alg_values_supported [ 'ES256' ]

muhammadnizami avatar May 20 '24 08:05 muhammadnizami

@muhammadnizami Could you confirm if that cited line is an error or a warning? This report seems similar to #654, and the issue reporter there said that that it was a warning

cflee avatar May 20 '24 14:05 cflee

But either way, yes, it probably makes sense to provide an static key that works with ES256 for the convenience of users not running mockpass with their own JWKS endpoint

cflee avatar May 20 '24 14:05 cflee