Our ID token signing algorithm is ES256, not RS256
We are currently using EC keys to sign ID tokens, so we should reflect that in our OIDC discovery metadata. Signed-off-by: Andrew Keesler <akeesler@vmware.com>
parent
1dd7c82af6
commit
fe2e2bdff1
@ -56,7 +56,7 @@ func NewHandler(issuerURL string) http.Handler {
|
||||
JWKSURI: issuerURL + oidc.JWKSEndpointPath,
|
||||
ResponseTypesSupported: []string{"code"},
|
||||
SubjectTypesSupported: []string{"public"},
|
||||
IDTokenSigningAlgValuesSupported: []string{"RS256"},
|
||||
IDTokenSigningAlgValuesSupported: []string{"ES256"},
|
||||
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
|
||||
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
|
||||
ScopesSupported: []string{"openid", "offline"},
|
||||
|
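Review bot: The struct literal in NewHandler still sets `TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"}` two fields below the corrected line, so the discovery document would presumably keep advertising RS256 there after this change. The only token endpoint auth method listed is `client_secret_basic`, which carries no signed JWT, and OIDC Discovery defines that field for the `private_key_jwt` and `client_secret_jwt` methods, so the value looks like a leftover; I would drop the field or confirm what it is meant to describe. Separately, the `"ES256"` literal can drift from the real signing key again, and a relying party that restricts accepted algorithms to the advertised list would then reject valid ID tokens. A comment such as `// Must match the algorithm of the key that signs ID tokens; update together with the signing key type.` above the field would help, since the test expectations in the other two sections only pin the same literal. NewHandler's body starts and ends outside this hunk.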
@ -41,7 +41,7 @@ func TestDiscovery(t *testing.T) {
|
||||
JWKSURI: "https://some-issuer.com/some/path/jwks.json",
|
||||
ResponseTypesSupported: []string{"code"},
|
||||
SubjectTypesSupported: []string{"public"},
|
||||
IDTokenSigningAlgValuesSupported: []string{"RS256"},
|
||||
IDTokenSigningAlgValuesSupported: []string{"ES256"},
|
||||
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
|
||||
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
|
||||
ScopesSupported: []string{"openid", "offline"},
|
||||
|
@ -479,7 +479,7 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso
|
||||
"response_types_supported": ["code"],
|
||||
"claims_supported": ["groups"],
|
||||
"subject_types_supported": ["public"],
|
||||
"id_token_signing_alg_values_supported": ["RS256"]
|
||||
"id_token_signing_alg_values_supported": ["ES256"]
|
||||
}`)
|
||||
expectedJSON := fmt.Sprintf(expectedResultTemplate, issuerName, issuerName, issuerName, issuerName)
|
||||
|
||||
|