Allow the OIDC client to use different algorithms
Description
Could the OIDC client have an option to use different algorithms for OidcClient Authentication? I am attempting to authenticate with an NHS service that uses an idiosyncratic Microsoft OAuth implementation that requires the use of RS512 only. My OIDC client configuration is
quarkus.oidc-client.client-enabled=true
quarkus.oidc-client.grant.type=client
quarkus.oidc-client.auth-server-url=https://dev.api.service.nhs.uk/oauth2
quarkus.oidc-client.client-id=<my-cid>
quarkus.oidc-client.discovery-enabled=false
quarkus.oidc-client.token-path=/token
quarkus.oidc-client.credentials.jwt.key-file=pk.pem
quarkus.oidc-client.credentials.jwt.token-key-id=<my-kid>
which yields the response
DEBUG [io.qua.oid.cli.run.OidcClientImpl] (vert.x-eventloop-thread-0) Default OidcClient has failed to complete the client_credentials grant request: status: 400, error message:
--
{
"error": "invalid_request",
"error_description": "Invalid 'alg' header in JWT - unsupported JWT algorithm - must be 'RS512'",
"message_id": "rrt-2366435234212063743-b-geu2-6513-5794388-1"
}
I can find no option in the documentation to allow this to be altered. This is using Quarkus 2.4.1.
Implementation ideas
No response
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (3 by maintainers)
@liamor #21201 has resolved it, thanks
That’s awesome, thanks. I’ll try to get some time today to test this.
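The 400 response in the issue rejects the client assertion because its JWT `alg` header is not RS512. The following is an added example, not code from the issue or from Quarkus: it builds a `private_key_jwt` client assertion (RFC 7523) signed with RS512 using only the JDK, then checks the header and signature locally before anything is sent to a token endpoint. The class name, `example-kid`, `example-client-id`, the 5 minute lifetime and the use of the token URL as `aud` are assumptions; the key pair is generated on the spot for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

public class Rs512ClientAssertion {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    // Builds a private_key_jwt client assertion (RFC 7523) with an RS512 header.
    // Inputs are assumed to contain no characters that need JSON escaping.
    static String build(PrivateKey key, String kid, String clientId, String tokenUrl)
            throws GeneralSecurityException {
        long now = Instant.now().getEpochSecond();
        String header = "{\"alg\":\"RS512\",\"typ\":\"JWT\",\"kid\":\"" + kid + "\"}";
        String claims = "{\"iss\":\"" + clientId + "\",\"sub\":\"" + clientId
                + "\",\"aud\":\"" + tokenUrl + "\",\"jti\":\"" + UUID.randomUUID()
                + "\",\"iat\":" + now + ",\"exp\":" + (now + 300) + "}"; // 5 min lifetime (assumed)
        String signingInput = b64(header) + "." + b64(claims);
        Signature sig = Signature.getInstance("SHA512withRSA"); // JWS RS512 = RSASSA-PKCS1-v1_5 + SHA-512
        sig.initSign(key);
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(sig.sign());
    }

    // Returns true only if the header declares RS512 and the signature verifies.
    static boolean verify(String jwt, PublicKey pub) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        String header = new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
        if (!header.contains("\"alg\":\"RS512\"")) return false; // substring check, enough for a smoke test
        Signature sig = Signature.getInstance("SHA512withRSA");
        sig.initVerify(pub);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(Base64.getUrlDecoder().decode(p[2]));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, constructed for this example
        String jwt = build(kp.getPrivate(), "example-kid", "example-client-id",
                "https://dev.api.service.nhs.uk/oauth2/token"); // auth-server-url + token-path from the issue
        System.out.println("RS512 header + signature valid: " + verify(jwt, kp.getPublic()));
    }
}
```

Current Quarkus documentation lists `quarkus.oidc-client.credentials.jwt.signature-algorithm` for selecting the algorithm of the client assertion, so a value of `RS512` there makes the client produce the header this example builds by hand.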