Discovery does not return token_endpoint_auth_signing_alg_values_supported

`token_endpoint_auth_signing_alg_values_supported` is only related to private_key_jwt and client_secret_jwt client authentication methods at the token endpoint, which we do not support. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata for more details. Signed-off-by: Aram Price <pricear@vmware.com>
2020-12-07 14:15:31 -08:00 · 2020-12-07 14:15:31 -08:00 · e1ae48f2e4
commit e1ae48f2e4
parent 648fa4b9ba
3 changed files with 7 additions and 11 deletions
--- a/internal/oidc/discovery/discovery_handler.go
+++ b/internal/oidc/discovery/discovery_handler.go
@ -31,10 +31,9 @@ type Metadata struct {

 	// vvv Optional vvv

-	TokenEndpointAuthMethodsSupported           []string `json:"token_endpoint_auth_methods_supported"`
-	TokenEndpointAuthSigningAlgoValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
-	ScopesSupported                             []string `json:"scopes_supported"`
-	ClaimsSupported                             []string `json:"claims_supported"`
+	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
+	ScopesSupported                   []string `json:"scopes_supported"`
+	ClaimsSupported                   []string `json:"claims_supported"`

 	// ^^^ Optional ^^^
 }
@ -58,9 +57,8 @@ func NewHandler(issuerURL string) http.Handler {
 			SubjectTypesSupported:             []string{"public"},
 			IDTokenSigningAlgValuesSupported:  []string{"ES256"},
 			TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
-			TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
-			ScopesSupported: []string{"openid", "offline"},
-			ClaimsSupported: []string{"groups"},
+			ScopesSupported:                   []string{"openid", "offline"},
+			ClaimsSupported:                   []string{"groups"},
 		}
 		if err := json.NewEncoder(w).Encode(&oidcConfig); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
--- a/internal/oidc/discovery/discovery_handler_test.go
+++ b/internal/oidc/discovery/discovery_handler_test.go
@ -43,9 +43,8 @@ func TestDiscovery(t *testing.T) {
 				SubjectTypesSupported:             []string{"public"},
 				IDTokenSigningAlgValuesSupported:  []string{"ES256"},
 				TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
-				TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
-				ScopesSupported: []string{"openid", "offline"},
-				ClaimsSupported: []string{"groups"},
+				ScopesSupported:                   []string{"openid", "offline"},
+				ClaimsSupported:                   []string{"groups"},
 			},
 		},
 		{
--- a/test/integration/supervisor_discovery_test.go
+++ b/test/integration/supervisor_discovery_test.go
@ -472,7 +472,6 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso
      "authorization_endpoint": "%s/oauth2/authorize",
      "token_endpoint": "%s/oauth2/token",
      "token_endpoint_auth_methods_supported": ["client_secret_basic"],
-      "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
      "jwks_uri": "%s/jwks.json",
      "scopes_supported": ["openid", "offline"],
      "response_types_supported": ["code"],