You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bit in between a bug report and feature request :)
The oathkeeper credentials generate command seems to have support for the EdDSA algorithm but when you try to actually use it in an id_token mutator the following error is thrown:
Since the primary use case of the credentials generate command (as far as I know at least) is to use the resulting key inside the id_token mutator, it might be better either warn it's not possible to use it that way to remove the option.
It doesn't seem like there's any issue upstream for implementing it as well.
Describe the bug
Bit in between a bug report and feature request :)
The
oathkeeper credentials generate
command seems to have support for theEdDSA
algorithm but when you try to actually use it in anid_token
mutator the following error is thrown:This seems to be because
oathkeeper/credentials/signer_default.go
Line 32 in 9ad41f0
and form3tech-oss/jwt-go has no support for
EdDSA
, onlyES*
Reproducing the bug
Kratos & Oathkeeper running inside docker behind Envoy using
extensions.filters.http.ext_authz.v3.ExtAuthz
Server logs
Server configuration
Expected behavior
Since the primary use case of the
credentials generate
command (as far as I know at least) is to use the resulting key inside theid_token
mutator, it might be better either warn it's not possible to use it that way to remove the option.It doesn't seem like there's any issue upstream for implementing it as well.
Environment
The text was updated successfully, but these errors were encountered: