mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-14 11:47:38 +00:00
fix(oidc): ignore algorithm for legacy signer (#9148)
# Which Problems Are Solved
It was possible to set a different algorithm for the legacy signer. This
is not supported, however, and breaks the token endpoint.
# How the Problems Are Solved
Remove the OIDC.SigningKeyAlgorithm config option and hard-code RS256
for the legacy signer.
# Additional Changes
- none
# Additional Context
Only RS256 is supported by the legacy signer. It was mentioned in the
comment of the config not to use it and use the webkeys resource
instead.
- closes #9121
(cherry picked from commit db8d794794)

committed by
Livio Spring

parent
fd8e5f8cbd
commit
5f7dd9aa3d
@@ -530,9 +530,6 @@ OIDC:
|
||||
GrantTypeRefreshToken: true # ZITADEL_OIDC_GRANTTYPEREFRESHTOKEN
|
||||
RequestObjectSupported: true # ZITADEL_OIDC_REQUESTOBJECTSUPPORTED
|
||||
|
||||
# Deprecated: The signing algorithm is determined by the generated keys.
|
||||
# Use the web keys resource to generate keys with different algorithms.
|
||||
SigningKeyAlgorithm: RS256 # ZITADEL_OIDC_SIGNINGKEYALGORITHM
|
||||
# Sets the default values for lifetime and expiration for OIDC
|
||||
# This default can be overwritten in the default instance configuration and for each instance during runtime
|
||||
# !!! Changing this after the initial setup will have no impact without a restart !!!
|
||||
|
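Review bot: The removal of the three lines ending at `SigningKeyAlgorithm: RS256 # ZITADEL_OIDC_SIGNINGKEYALGORITHM` takes the deprecation comment out together with the key, so nothing at this spot in the config now tells an operator who still sets that key or the environment variable that the value is ignored and the legacy signer always uses RS256. Consider leaving a one-line comment in its place that points to the web keys resource, or calling the removal out in the upgrade notes, so a deployment configured for another algorithm does not keep signing with RS256 while its operators expect otherwise.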