Our ID token signing algorithm is ES256, not RS256

We are currently using EC keys to sign ID tokens, so we should reflect that in
our OIDC discovery metadata.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
This commit is contained in:
Andrew Keesler 2020-12-03 07:46:07 -05:00
parent 1dd7c82af6
commit fe2e2bdff1
No known key found for this signature in database
GPG Key ID: 27CE0444346F9413
3 changed files with 3 additions and 3 deletions

View File

@ -56,7 +56,7 @@ func NewHandler(issuerURL string) http.Handler {
JWKSURI: issuerURL + oidc.JWKSEndpointPath,
ResponseTypesSupported: []string{"code"},
SubjectTypesSupported: []string{"public"},
IDTokenSigningAlgValuesSupported: []string{"RS256"},
IDTokenSigningAlgValuesSupported: []string{"ES256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
ScopesSupported: []string{"openid", "offline"},

View File

@ -41,7 +41,7 @@ func TestDiscovery(t *testing.T) {
JWKSURI: "https://some-issuer.com/some/path/jwks.json",
ResponseTypesSupported: []string{"code"},
SubjectTypesSupported: []string{"public"},
IDTokenSigningAlgValuesSupported: []string{"RS256"},
IDTokenSigningAlgValuesSupported: []string{"ES256"},
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
ScopesSupported: []string{"openid", "offline"},

View File

@ -479,7 +479,7 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso
"response_types_supported": ["code"],
"claims_supported": ["groups"],
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": ["RS256"]
"id_token_signing_alg_values_supported": ["ES256"]
}`)
expectedJSON := fmt.Sprintf(expectedResultTemplate, issuerName, issuerName, issuerName, issuerName)