ES256 is used as "alg" in JWT generation regardless of actual ECC certificate curve #11838

Open
Caligatio opened this issue Oct 28, 2024 · 0 comments
Labels
bug Something isn't working

Describe the bug
Regardless of the curve used in an ECC certificate, Authentik sets the "alg" in the JWT to ES256. ES256 is explicitly defined as using the P-256 curve, so this causes problems for certificates using P-384 or P-521.

To Reproduce
Steps to reproduce the behavior:

  1. Load an ECC P-384 or P-521 cert into Authentik
  2. Create an OAuth2/OpenID provider and select the above ECC cert as the "Signing Key"
  3. Experience validation errors from a well-behaved JWT validation library (e.g. authlib)

Expected behavior
A valid OIDC JWT to be issued while using a P-384 or P-521 signing key

Screenshots
N/A

Logs
N/A

Version and Deployment (please complete the following information):

  • authentik version: 2024.8.3
  • Deployment: docker-compose
@Caligatio Caligatio added the bug Something isn't working label Oct 28, 2024
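
The curve-to-"alg" binding this report relies on comes from RFC 7518 section 3.4, and a verifier can check it before any signature verification. The following is an added example, not authentik or authlib code: the function names, the sample JWK and the sample tokens are constructed for illustration, and the zero-filled signatures only exercise the length check.

```python
import base64
import json

# RFC 7518 section 3.4: each ECDSA JWS algorithm is bound to one curve,
# and the signature is R || S with a fixed total length in octets.
ES_ALGS = {
    "ES256": ("P-256", 64),
    "ES384": ("P-384", 96),
    "ES512": ("P-521", 132),
}
CURVE_TO_ALG = {crv: alg for alg, (crv, _) in ES_ALGS.items()}


def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def alg_for_jwk(jwk: dict) -> str:
    """Return the only ES* algorithm valid for an EC JWK's curve."""
    if jwk.get("kty") != "EC" or jwk.get("crv") not in CURVE_TO_ALG:
        raise ValueError("not an EC key on P-256, P-384 or P-521")
    return CURVE_TO_ALG[jwk["crv"]]


def check_es_token(token: str, jwk: dict) -> list[str]:
    """List mismatches between a compact JWS header, its signature and the JWK."""
    header_b64, _payload_b64, sig_b64 = token.split(".")
    alg = json.loads(b64url_decode(header_b64)).get("alg")
    if alg not in ES_ALGS:
        return [f"alg {alg!r} is not an ECDSA JWS algorithm"]
    problems = []
    expected = alg_for_jwk(jwk)
    if alg != expected:
        problems.append(f"alg {alg} does not match curve {jwk['crv']} (expected {expected})")
    sig_len = len(b64url_decode(sig_b64))
    if sig_len != ES_ALGS[alg][1]:
        problems.append(f"signature is {sig_len} octets, {alg} requires {ES_ALGS[alg][1]}")
    return problems


def make_sample(alg: str, sig_len: int) -> str:
    """Constructed token with a zero-filled placeholder signature (length check only)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": "example"}).encode())
    return f"{header}.{payload}.{b64url_encode(bytes(sig_len))}"


P384_JWK = {"kty": "EC", "crv": "P-384"}  # constructed; x/y coordinates omitted
```

Running `check_es_token` against each token and its JWKS entry at the relying party flags a mislabeled header before the token reaches the signature verifier.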