Incorrect `alg` for EdDSA signed JWTs
beanow-at-crabnebula opened this issue · comments
#130 adds support for EdDSA.
However trying it out in practice I found an issue parsing tokens from an external issuer.
As per https://www.rfc-editor.org/rfc/rfc8037
The header should look like:
{"alg":"EdDSA"}
(In practice you'd often see typ
and kid
as well.)
But the library tests with a header like:
{"alg":"Ed25519","crv":"Ed25519"}
Producing errors such as:
Error("Failed to parse header JSON: Error(\"unrecognized JSON Web Algorithm `EdDSA`\", line: 1, column: 14)", line: 1, column: 1466)
Which seems like a serde_json error for parsing a token response.
Guessing at least related to this serde rename.
openidconnect-rs/src/core/mod.rs
Lines 682 to 684 in fcada17
Thanks for the bug report! Looking into this... cc: @xshadowlegendx