OpenID 'id_token_signing_alg_values_supported' should be honored
Issue #379
invalid
Current implementation doesn't honor 'id_token_signing_alg_values_supported' in /.well-known/openid-configuration.
Currently, we have to hardcode the algorithm in source code to support any algorithms that's is not 'RS256'. However, the code would be broken if we change the signature algorithm from the hardcoded one.
proposal: to honor OpenID: 'id_token_signing_alg_values_supported'. The supported algorithms will be pulled from /.well-know/openid-configuration.
Comments (2)
-
-
- changed status to invalid
Please, post this issue in the OIDC SDK tracker, this library is for JOSE and JWT only.
- Log in to comment
Sorry forgot to logged before creating this issue.