This issue has been created
There is 1 update.
 
 
OpenId Connect / cid:jira-generated-image-avatar-036cf185-7147-4a68-b344-f03ae6d1fbb4 OIDC-237 Open

The authenticator refuses to validate signed id tokens which are not using RS256 algorithm
 
View issue   ยท   Add comment
 

Issue created

 
cid:jira-generated-image-avatar-2468f216-57b8-4c40-91f1-408d79b58a1b Thomas Mortagne created this issue on 05/Jun/25 12:22
 
Summary: The authenticator refuses to validate signed id tokens which are not using RS256 algorithm
Issue Type: cid:jira-generated-image-avatar-036cf185-7147-4a68-b344-f03ae6d1fbb4 Bug
Affects Versions: 2.18.0
Assignee: Unassigned
Components: Authenticator
Created: 05/Jun/25 12:22
Priority: cid:jira-generated-image-static-major-50bc589b-b348-4883-abcb-eee7842069da Major
Reporter: Thomas Mortagne
Description:

The ID validator behavior is a bit strange: it's mandatory to indicate it when creating the validator, while it could easily use the one indicated in the JWT when calling validate().
 
 

1 update

 
cid:jira-generated-image-avatar-2468f216-57b8-4c40-91f1-408d79b58a1b Changes by Thomas Mortagne on 05/Jun/25 12:24
 
Description: The ID validator behavior is a bit strange: it's mandatory to indicate it when creating the validator, while it could easily use the one indicated in the JWT when calling validate(). So the code was setting one, expecting it more to be the default, but turns out it's the only accepted one, and it's not possible to configure the validator to accept any supported algorithm.
 
 
This message was sent by Atlassian Jira (v9.3.0#930000-sha1:287aeb6) Atlassian logo
If image attachments aren't displayed, see this article.