Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support explicit configuration and discovery of JWS signing algorithm when RS256 is not used by the OP. #1567

Open
drewtoto opened this issue Nov 14, 2024 · 0 comments
Open

Support explicit configuration and discovery of JWS signing algorithm when RS256 is not used by the OP. #1567

drewtoto opened this issue Nov 14, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@drewtoto
Copy link

Describe your feature request

Support explicit configuration of id_token_signed_response_alg in the openid-client issuer.Client configuration. Currently, the properties configured when instantiating a issuer.Client are:

From src/lib/server/auth.ts:

{
  client_id: ...,
  client_secret: ...,
  redirect_uris: ...,
  response_types: ...,  
  [custom.clock_tolerance]: ...,
}

Screenshots (if relevant)

N/A

Implementation idea

Pass configuration object containing id_token_signed_response_alg to issuer.Client in getOIDCClient. Allow this property to be explicitly set via environment variable or obtained from id_token_signing_alg_values_supported field in the issuer metadata during OP discovery when RS256 is not included by the OP.

Proposed data structure to pass to issuer.Client:

{
  client_id: ...,
  client_secret: ...,
  redirect_uris: ...,
  response_types: ...,  
  [custom.clock_tolerance]: ...,
  id_token_signed_response_alg: ...,
}
@drewtoto drewtoto added the enhancement New feature or request label Nov 14, 2024
drewtoto pushed a commit to drewtoto/chat-ui that referenced this issue Nov 14, 2024
feat: explicit config of id token alg (huggingface#1567)
3f822a1 
- support to configure `id_token_signed_response_alg` field in the
  configuration object passed to `issuer.Client` in
  `src/lib/server/auth.ts`.

- allow `id_token_signed_response_alg` to be set from environment
  variable `OIDConfig.ID_TOKEN_SIGNED_RESPONSE_ALG` or obtained via
  OP metadata during issuer discovery when `RS256` is not included.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@drewtoto