Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenIdConnectServer health check does not allow RS512 only signing algorithm #2175

Open
m-gug opened this issue Mar 10, 2024 · 2 comments
Open

OpenIdConnectServer health check does not allow RS512 only signing algorithm #2175

m-gug opened this issue Mar 10, 2024 · 2 comments

Comments

@m-gug
Copy link

m-gug commented Mar 10, 2024

What happened:
The current implementation expects the OIDC provider to support RS256 as a signature algorithm.

What you expected to happen:
It should also be allowed that the OIDC provider only supports RS512 and the health check still works.

How to reproduce it (as minimally and precisely as possible):
Run the health check against a ODIC Provider that only supports RS512 as signing algorithm.

  • .NET Core version 8
  • Healthchecks version 8.0.0
@m-gug m-gug mentioned this issue Mar 10, 2024
Open
6 tasks
@DanRogers99
Copy link

We also use another signing algorithm.

It would be good if we could override this property

AspNetCore.Diagnostics.HealthChecks/src/HealthChecks.OpenIdConnectServer/OidcConstants.cs

Line 23 in 73abc7a

internal static string[] REQUIRED_ALGORITHMS => new[] { "RS256" };

@m-gug
Copy link
Author

m-gug commented Mar 18, 2024

@DanRogers99
Yes, I agree. I added to my PR so that the algorithms can be specified as parameters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DanRogers99 @m-gug