oauth2-proxy/pkg/validation
andoks 7c96234233
feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851)
* feat: add support for specifying allowed OIDC JWT signing algorithms (#2753)

TODO:
- [X] update docs
- [X] add support in yaml (modern) config
- [X] add more test(s)?

Add (legacy for now) configuration flag "oidc-enabled-signing-alg" (cfg:
oidc_enabled_signing_algs) that allows setting what signing algorithms
are specified by provider in JWT header ("alg" header claim).

In particular useful when skip_oidc_discovery = true, as verifier
defaults to only accept "RS256" in alg field in such circumstances.

Signed-off-by: Jan Larwig <jan@larwig.com>

* doc: update changelog and alpha config

Signed-off-by: Jan Larwig <jan@larwig.com>

* feat: add signing algorithm intersection handling with oidc discovery and additional tests

Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
2026-03-18 22:24:27 +08:00
allowlist.go ci: fix linter warnings for preallocation 2026-01-17 16:01:14 +01:00
allowlist_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
common.go SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
common_test.go revert: secrets as []byte instead of string 2025-11-16 22:38:42 +01:00
cookie.go feat(cookie): add feature support for cookie-secret-file (#3104) 2025-07-22 18:59:55 +02:00
cookie_test.go feat(cookie): add feature support for cookie-secret-file (#3104) 2025-07-22 18:59:55 +02:00
header.go ci: fix linter warnings for preallocation 2026-01-17 16:01:14 +01:00
header_test.go revert: secrets as []byte instead of string 2025-11-16 22:38:42 +01:00
logging.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00
options.go deref everything but now with default constants 2025-11-16 22:38:56 +01:00
options_test.go refactor: ptr.Ptr to ptr.To 2025-11-16 22:38:59 +01:00
providers.go feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 2026-03-18 22:24:27 +08:00
providers_test.go feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 2026-03-18 22:24:27 +08:00
sessions.go PKCE Support (#1541) 2022-03-13 10:08:33 +00:00
sessions_test.go adapting unit tests and fixing minor issues introduced with the derefing 2025-11-16 22:38:57 +01:00
upstreams.go ci: fix linter warnings for preallocation 2026-01-17 16:01:14 +01:00
upstreams_test.go fix: static upstreams failing validation due to `passHostHeader` and `proxyWebSockets` defaults being set incorrectly (#3302) 2026-01-17 15:15:19 +01:00
utils.go Add validation for Headers struct 2020-11-07 17:16:54 +00:00
validation_suite_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00