Skip to content

Overly broad signature algorithm support #52

Description

@nightkr

https://github.com/ena-infrastructure/specifications/blob/39a659490c1d1bbaeb6e32f93fab0ef82b4fee61/ena-oauth2-profile.md#82-cryptographic-algorithms requires both RS256 and ES256 to be supported (with their respective families as RECOMMENDED).

That would make sense during a migration scenario, but given that this is effectively greenfield I think it'd make sense to pick one winner (for now) and go with it. Supporting both wouldn't help much with interop anyway, since you're saddling everyone with that support burden.

HS256 support is also inherited from RFC7518, but can at least be justified by having a different use case (symmetric vs asymmetric crypto). Then again, symmetric signatures aren't really useful in a federation context without separate key negotiation anyway.

Metadata

Metadata

Assignees

No one assigned

    Labels

    questionFurther information is requested

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions