
I want to increase the defaults for signature algorithm.

Open nannany opened this issue 1 year ago • 0 comments

Preflight Checklist

  • [X] I could not find a solution in the existing issues, docs, nor discussions
  • [X] I have joined the ZITADEL chat

Describe your problem

I am using zitadel/oidc to create an OpenID Provider. I believe the library intends that the VerifyJWTAssertion function is called when client authentication is done with private_key_jwt. However, this function currently only supports RS256 since the supportedSigAlgs argument is nil when executing the CheckSignature function. Therefore I would like to sign with ES256, which is not possible.

Describe your ideal solution

Since the FAPI states that PS256 or ES256 is recommended, why not support PS256 or ES256 if it is not specified here as well?

Version

v3.22.1

Environment

Self-hosted

Additional Context

No response

nannany, May 07 '24 15:05
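
The allow-list behaviour reported in the issue, as an added Go sketch that is not code from zitadel/oidc or from the issue author. `headerAlg`, `checkAlg` and `sampleAssertion` are hypothetical names, the RS256-only fallback models what the issue describes, and the sample token is constructed with a placeholder signature (no signature is verified here).

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// headerAlg returns the "alg" value from the protected header of a compact JWS.
func headerAlg(compact string) (string, error) {
	parts := strings.Split(compact, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWS: %d parts", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", err
	}
	var hdr struct{ Alg string `json:"alg"` }
	err = json.Unmarshal(raw, &hdr)
	return hdr.Alg, err
}

// checkAlg is a hypothetical allow-list gate; an empty list falls back to RS256 only (assumption from the issue).
func checkAlg(compact string, supported []string) error {
	if len(supported) == 0 {
		supported = []string{"RS256"}
	}
	alg, err := headerAlg(compact)
	if err != nil {
		return err
	}
	for _, s := range supported {
		if s == alg {
			return nil
		}
	}
	return fmt.Errorf("alg %q not in allowed set %v", alg, supported)
}

// sampleAssertion builds a constructed token: empty payload, placeholder signature.
func sampleAssertion(alg string) string {
	return base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + ".e30.c2ln"
}

func main() {
	fmt.Println("nil list:", checkAlg(sampleAssertion("ES256"), nil))
	fmt.Println("explicit:", checkAlg(sampleAssertion("ES256"), []string{"PS256", "ES256"}))
}
```

With an explicit PS256/ES256 list the same gate also rejects RS256 and `none`, since only the listed values pass.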