Allow to customize JWT token algorithm for OIDC and OIDC client #21201

Merged
merged 1 commit into from
Nov 4, 2021

@sberyozkin sberyozkin commented Nov 4, 2021

This PR follows #21192 - makes it possible to customize a token signature algorithm by using `quarkus.oidc.credentials.jwt` or `quarkus.oidc-client.credentials.jwt` scoped `signature-algorithm` property to make it more flexible as opposed to relying on a global property.

We already have 3 separate JWT authentication oidc-client and oidc tests, so rather than creating a new one I just modified the existing one - the secret key which is used has length 512 bits or more - so it just worked - I can confirm that if I trim this key a bit then I see:

```
org.jose4j.lang.InvalidKeyException: A key of the same size as the hash output (i.e. 512 bits for HS512) or larger MUST be used with the HMAC SHA algorithms but this key is only 336 bits
```

PR itself is very simple - just adds a signature-algorithm property and updates the JWT JWS builder if it is set

@sberyozkin sberyozkin merged commit 4576c99 into quarkusio:main Nov 4, 2021
@quarkus-bot quarkus-bot bot added this to the 2.5 - main milestone Nov 4, 2021
@sberyozkin sberyozkin deleted the oidc_jwt_algorithm branch November 4, 2021 21:48
@gsmet gsmet modified the milestones: 2.5.0.CR1, 2.4.2.Final Nov 11, 2021
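
The key-size rule behind the `InvalidKeyException` quoted in the PR description (RFC 7518, section 3.2: an HMAC key must be at least as long as the hash output), shown as an added example that is not part of this PR or of Quarkus/jose4j. The function names, the constructed secrets and the claim values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# JWS HMAC algorithms and their hash functions (RFC 7518, section 3.2).
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url(data: bytes) -> str:
    """Base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def min_key_bits(alg: str) -> int:
    """Minimum secret size in bits: the hash output size of the algorithm."""
    return HMAC_ALGS[alg]().digest_size * 8

def allowed_algorithms(secret: bytes) -> list:
    """HMAC algorithms this secret is long enough to be used with."""
    return [a for a in HMAC_ALGS if len(secret) * 8 >= min_key_bits(a)]

def sign_jwt(claims: dict, secret: bytes, alg: str) -> str:
    """Build a compact JWS, rejecting secrets shorter than the hash output."""
    if alg not in HMAC_ALGS:
        raise ValueError(f"unsupported algorithm: {alg}")
    bits = len(secret) * 8
    if bits < min_key_bits(alg):
        raise ValueError(f"{alg} needs at least {min_key_bits(alg)} key bits, got {bits}")
    parts = ({"alg": alg, "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), HMAC_ALGS[alg]).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_jwt(token: str, secret: bytes, expected_alg: str) -> bool:
    """Verify with the algorithm the verifier is configured for, not the header's."""
    signing_input, _, sig = token.rpartition(".")
    want = hmac.new(secret, signing_input.encode("ascii"), HMAC_ALGS[expected_alg]).digest()
    return hmac.compare_digest(b64url(want), sig)

if __name__ == "__main__":
    # Constructed secrets: 64 bytes (512 bits) and the same trimmed to 42 bytes (336 bits).
    full, trimmed = b"k" * 64, b"k" * 42
    claims = {"iss": "example-client", "sub": "example-client",
              "aud": "https://idp.example/token"}  # placeholder claim values
    print("512-bit secret:", allowed_algorithms(full))
    print("336-bit secret:", allowed_algorithms(trimmed))
    print(sign_jwt(claims, full, "HS512"))
```

A 336-bit secret still satisfies HS256, so switching a client to HS384 or HS512 requires a secret of at least 384 or 512 bits on both the client and the provider.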