Add EdDSA algorithm support #378
Conversation
oidc/oidc.go
Outdated
| @@ -450,6 +452,8 @@ func (i *IDToken) VerifyAccessToken(accessToken string) error { | |||
| h = sha512.New384() | |||
| case RS512, ES512, PS512: | |||
| h = sha512.New() | |||
| case EdDSA: | |||
| return errUnsupportedAlgorithm | |||
There was a problem hiding this comment.
wouldn't this be sha512.New()?
There was a problem hiding this comment.
I believe that verifying EdDSA key with ed25519 protocol is a bit more complicated than the pattern that exists here short explanation
There was a problem hiding this comment.
This is only for the at_hash value, it's not doing full verification :)
Here is an example provider that supports EdDSA. I was not originally planning on adding verification functionality as it is more complicated for ed25519 protocol. |
|
Did you mean to hyperlink something in that comment? I don't think I'd want to merge this if it only implements partial support. I can add verification functionality when I get a sec. |
lritter14
force-pushed
the
add-EdDSA-support
branch
from
9f7f5bd
to
46e8a76
Compare
|
I added some additional tests and took your suggestion for using sha512.New() to verify the hash. I am not super knowledgeable in this space so I am not confident in that change. P.S. closing the PR was a mistake |
Support EdDSA alogrithm for providers.
lritter14
force-pushed
the
add-EdDSA-support
branch
from
46e8a76
to
5337bf1
Compare
|
If there are any issues with the at_hash support, we can always fix it up later. I'm not super worried about it. |
Allows for providers to use EdDSA algorithm but does not support verifying access tokens.