From 98599690263144ee7f96922b481286e04d30a6be Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Tue, 29 Nov 2022 22:05:47 +0100
Subject: [PATCH] refactor!: default dPoPSigningAlgValues changed

BREAKING CHANGE: Default allowed DPoP signing algorithms are now just ES256 and EdDSA. RSA algorithms not allowed by default. This can be reverted using the `enabledJWA.dPoPSigningAlgValues` configuration option.
---
 docs/README.md | 2 --
 lib/helpers/defaults.js | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/docs/README.md b/docs/README.md
index 73db6f326..378a9af97 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -3107,8 +3107,6 @@ JWS "alg" Algorithm values the provider supports to verify signed DPoP proof JWT
 _**default value**_:
 ```js
 [
- 'RS256',
- 'PS256',
 'ES256',
 'EdDSA'
 ]
diff --git a/lib/helpers/defaults.js b/lib/helpers/defaults.js
index dd7a5dfe7..39d59713e 100644
--- a/lib/helpers/defaults.js
+++ b/lib/helpers/defaults.js
@@ -2663,7 +2663,7 @@ function makeDefaults() {
 * ```
 */
 dPoPSigningAlgValues: [
- 'RS256', 'PS256', 'ES256', 'EdDSA',
+ 'ES256', 'EdDSA',
 ],
 },
 };
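Review bot: The new `dPoPSigningAlgValues` default in lib/helpers/defaults.js drops `RS256` and `PS256` with no in-code record of the change, so the opt-back-in path is documented only in the commit message. Deployments whose clients sign DPoP proofs with RSA keys will presumably see those proofs rejected after upgrading, and the README hunk only shortens the list without saying so. I would add a line to the JSDoc block that closes just above the array (it begins outside this hunk, as does `makeDefaults`), for example `* RS256 and PS256 are not enabled by default; list them in enabledJWA.dPoPSigningAlgValues to accept RSA-signed DPoP proofs.`, and mirror it in the README section. The diffstat shows only these two files changed, so it is also worth confirming that an existing test pins the default list and covers rejection of an RSA-signed proof under the default configuration.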