[Security] supported and recommended algs
Issue #28
new
OIDC Core forces the adoption of RS256 and enables the implementation of ES256.
Unfortunately, RS256 is to be considered a weak algorithm that, even if it is still usable, requires frequent key rollover to mitigate its risks.
FAPI recommends ES and P here
https://openid.net/specs/openid-financial-api-part-2-1_0-final.html#algorithm-considerations
We’re evaluating whether to include a reference and a recommendation in iGOV regarding the algs that must be supported (if weak, with which workaround) and that should be supported (FAPI recommendation).