e05213f9dd
EC keys are smaller and take less time to generate. Our integration tests were super flakey because generating an RSA key would take up to 10 seconds *gasp*. The main token verifier that we care about is Kubernetes, which supports P256, so hopefully it won't be that much of an issue that our default signing key type is EC. The OIDC spec seems kinda squirmy when it comes to using non-RSA signing algorithms... Signed-off-by: Andrew Keesler <akeesler@vmware.com>
14 lines
219 B
JSON
14 lines
219 B
JSON
{
|
|
"keys": [
|
|
{
|
|
"use": "sig",
|
|
"kty": "EC",
|
|
"kid": "some-other-key",
|
|
"crv": "P-256",
|
|
"alg": "ES256",
|
|
"x": "awmmj6CIMhSoJyfsqH7sekbTeY72GGPLEy16tPWVz2U",
|
|
"y": "0"
|
|
}
|
|
]
|
|
}
|