public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
oauth2-proxy/pkg/providers/oidc
History
andoks 7c96234233
feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 
* feat: add support for specifying allowed OIDC JWT signing algorithms (#2753)

TODO:
- [X] update docs
- [X] add support in yaml (modern) config
- [X] add more test(s)?

Add (legacy for now) configuration flag "oidc-enabled-signing-alg" (cfg:
oidc_enabled_signing_algs) that allows setting what signing algorithms
are specified by provider in JWT header ("alg" header claim).

In particular useful when skip_oidc_discovery = true, as verifier
defaults to only accept "RS256" in alg field in such circumstances.

Signed-off-by: Jan Larwig <jan@larwig.com>

* doc: update changelog and alpha config

Signed-off-by: Jan Larwig <jan@larwig.com>

* feat: add signing algorithm intersection handling with oidc discovery and additional tests

Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
 		2026-03-18 22:24:27 +08:00
..
oidc_suite_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
provider.go fix typo (#2001) 2023-02-20 14:21:42 +00:00
provider_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00
provider_verifier.go feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 2026-03-18 22:24:27 +08:00
provider_verifier_test.go feat: add support for specifying allowed OIDC JWT signing algorithms (#2753) (#2851) 2026-03-18 22:24:27 +08:00
verifier.go Move OIDC IDToken verifier behind interface 2022-02-19 15:37:54 +00:00
verifier_test.go chore(deps): Updated to ginkgo v2 (#2459) 2024-07-18 22:41:02 +02:00