public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
oauth2-proxy/pkg/apis
History
andoks 7c96234233
feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 
* feat: add support for specifying allowed OIDC JWT signing algorithms (#2753)

TODO:
- [X] update docs
- [X] add support in yaml (modern) config
- [X] add more test(s)?

Add (legacy for now) configuration flag "oidc-enabled-signing-alg" (cfg:
oidc_enabled_signing_algs) that allows setting what signing algorithms
are specified by provider in JWT header ("alg" header claim).

In particular useful when skip_oidc_discovery = true, as verifier
defaults to only accept "RS256" in alg field in such circumstances.

Signed-off-by: Jan Larwig <jan@larwig.com>

* doc: update changelog and alpha config

Signed-off-by: Jan Larwig <jan@larwig.com>

* feat: add signing algorithm intersection handling with oidc discovery and additional tests

Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
 		2026-03-18 22:24:27 +08:00
..
ip Move RealClientIP code to IP packages 2020-05-23 15:17:41 +01:00
middleware adapting unit tests and fixing minor issues introduced with the derefing 2025-11-16 22:38:57 +01:00
options feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 2026-03-18 22:24:27 +08:00
sessions feat: allow arbitrary claims from the IDToken and IdentityProvider UserInfo endpoint to be added to the session state (#2685) 2026-03-14 12:04:33 +08:00