Open
Labels: type: documentation (A documentation update)
Description
Expected Behavior
One should be able to choose the signature algorithm used to sign access tokens.
Current Behavior
No configuration parameter exists in `TokenSettings` to choose the signature algorithm for the access token. It is hard-coded as RS256 when generating the Jwt.
Lines 93 to 102 in aed93f3:

```java
JwsAlgorithm jwsAlgorithm = SignatureAlgorithm.RS256;
if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) {
    // TODO Allow configuration for ID Token time-to-live
    expiresAt = issuedAt.plus(30, ChronoUnit.MINUTES);
    if (registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm() != null) {
        jwsAlgorithm = registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm();
    }
} else {
    expiresAt = issuedAt.plus(registeredClient.getTokenSettings().getAccessTokenTimeToLive());
}
```
Context
Because of this, one cannot choose another algorithm like HSxxx or EDxxx for access tokens.
`TokenSettings` does allow configuring the signing algorithm for the ID Token using the `idTokenSignatureAlgorithm(SignatureAlgorithm idTokenSignatureAlgorithm)` method in the Builder.
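An added example, not part of the original issue and not the project's own code: a configuration sketch that sets the access token's JWS algorithm through an `OAuth2TokenCustomizer<JwtEncodingContext>` bean instead of `TokenSettings`. It assumes a Spring Authorization Server release in which `JwtEncodingContext` exposes `getJwsHeader()` and the customizer runs before the header is built; the class name, bean names and key IDs are hypothetical.

```java
import java.util.List;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

@Configuration
public class AccessTokenAlgorithmConfig { // hypothetical class name

    // Keep an RSA key next to the EC key: ID tokens still default to RS256,
    // and the encoder needs exactly one signing key per requested algorithm.
    // Keys are generated at startup for illustration only (constructed key IDs);
    // a real deployment loads persistent keys from a key store.
    @Bean
    public JWKSource<SecurityContext> jwkSource() throws JOSEException {
        JWK rsa = new RSAKeyGenerator(2048)
                .keyUse(KeyUse.SIGNATURE).keyID("rsa-1").generate();
        JWK ec = new ECKeyGenerator(Curve.P_256)
                .keyUse(KeyUse.SIGNATURE).keyID("ec-1").generate();
        List<JWK> keys = List.of(rsa, ec);
        return new ImmutableJWKSet<>(new JWKSet(keys));
    }

    // Replace the default algorithm in the JWS header for access tokens only;
    // every other token type keeps whatever the generator selected.
    @Bean
    public OAuth2TokenCustomizer<JwtEncodingContext> accessTokenAlgorithm() {
        return context -> {
            if (OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
                context.getJwsHeader().algorithm(SignatureAlgorithm.ES256);
            }
        };
    }
}
```

Resource servers validating these tokens must be configured to accept ES256, since a decoder that only trusts RS256 will reject them.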