Ignore unsupported algorithms

Question

Ignore unsupported algorithms

centromere opened this issue 5 years ago · comments

I am using Keycloak as my OIDC provider, and the well-known endpoint advertises PS384 as a supported signing algorithm. Parsing the JSON fails in this case, however this is not ideal. Would it be possible to ignore unsupported algorithms?

Julien Debon · Answer 1 · Mon Jan 13 2020 23:26:22 GMT+0800 (China Standard Time)

We just started having the same issue: algorithme PS256 breaks.

How about using eitherDecode instead of decode in Web.OIDC.Client.Discovery#discover? At least this would help investigating why the library breaks
At least be able to "not break" when algorithms are unknown? E.g. via environment variable

Sho Kuroda · Answer 2 · Wed Jan 22 2020 11:30:09 GMT+0800 (China Standard Time)

@centromere @sir4ur0n
Thank you for your report and suggestions!

I think the issue was resolved by #36. I will release a new version.

Sho Kuroda · Answer 3 · Sat Jan 25 2020 17:09:44 GMT+0800 (China Standard Time)

0.5.0.0 released. #37

Julien Debon · Answer 4 · Mon Jan 27 2020 00:19:30 GMT+0800 (China Standard Time)

Excellent, thank you for your work! We have already upgraded 😄