Skip to content

How-to: Override default algorithm used to sign Jwt #1030

@sapradhan

Description

@sapradhan

Expected Behavior
One should be able to choose Signature Algorithm used to sign access tokens.

Current Behavior
No configuration parameter exists in TokenSettings to choose signature algo for access token. It is hard coded as RS256 while generating Jwt.

JwsAlgorithm jwsAlgorithm = SignatureAlgorithm.RS256;
if (OidcParameterNames.ID_TOKEN.equals(context.getTokenType().getValue())) {
// TODO Allow configuration for ID Token time-to-live
expiresAt = issuedAt.plus(30, ChronoUnit.MINUTES);
if (registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm() != null) {
jwsAlgorithm = registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm();
}
} else {
expiresAt = issuedAt.plus(registeredClient.getTokenSettings().getAccessTokenTimeToLive());
}

Context
Because of this, cannot choose another algorithm like HSxxx or EDxxx for access tokens.
TokenSettings does allow to configuring signing algo for Id Token using idTokenSignatureAlgorithm(SignatureAlgorithm idTokenSignatureAlgorithm) method in the Builder.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions