Add support for RS256/RS384/RS512 to sign ID Tokens (#184)
parent
895d7f3ef1
commit
da31a15cb9
|
@ -42,7 +42,7 @@ $configuration->{grant_types_supported} =
|
|||
# $configuration->{acr_values_supported}
|
||||
$configuration->{subject_types_supported} = ["public"];
|
||||
$configuration->{id_token_signing_alg_values_supported} =
|
||||
[qw/none RS256 RS384 RS512/];
|
||||
[qw/none HS256 HS384 HS512 RS256 RS384 RS512/];
|
||||
|
||||
# $configuration->{id_token_encryption_alg_values_supported}
|
||||
# $configuration->{id_token_encryption_enc_values_supported}
|
||||
|
|
|
@ -1135,6 +1135,30 @@ sub createIDToken {
|
|||
return $id_token_header . "." . $id_token_payload . "." . $digest;
|
||||
}
|
||||
|
||||
if ( $alg eq "RS256" or $alg eq "RS384" or $alg eq "RS512" ) {
|
||||
|
||||
# Get signing private key
|
||||
my $priv_key = $self->{oidcServicePrivateKeySig};
|
||||
my $rsa_priv = Crypt::OpenSSL::RSA->new_private_key($priv_key);
|
||||
|
||||
if ( $alg eq "RS256" ) {
|
||||
$rsa_priv->use_sha256_hash;
|
||||
}
|
||||
|
||||
if ( $alg eq "RS384" ) {
|
||||
$rsa_priv->use_sha384_hash;
|
||||
}
|
||||
|
||||
if ( $alg eq "RS512" ) {
|
||||
$rsa_priv->use_sha512_hash;
|
||||
}
|
||||
|
||||
my $digest = encode_base64url(
|
||||
$rsa_priv->sign( $id_token_header . "." . $id_token_payload ) );
|
||||
|
||||
return $id_token_header . "." . $id_token_payload . "." . $digest;
|
||||
}
|
||||
|
||||
$self->lmLog( "Algorithm $alg not supported to sign ID Token", 'debug' );
|
||||
|
||||
return;
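Review bot: The new RS256/RS384/RS512 branch hands `$self->{oidcServicePrivateKeySig}` to `Crypt::OpenSSL::RSA->new_private_key` without checking that it is set or catching the exception the constructor throws on an unreadable key, so a misconfigured provider dies in the middle of token issuance instead of taking the log-and-return path used at the end of the sub. Checking the key and wrapping the constructor in `eval`, then logging at `error` level without ever printing the key itself, keeps the failure visible and consistent with the unsupported-algorithm case. The three consecutive `if ( $alg eq ... )` tests could also become an `if`/`elsif` chain, since only one of them can match. createIDToken begins before this hunk and its earlier branches are not visible here.

```perl
if ( $alg eq "RS256" or $alg eq "RS384" or $alg eq "RS512" ) {

    my $priv_key = $self->{oidcServicePrivateKeySig};
    unless ($priv_key) {
        $self->lmLog( "No private key configured to sign ID Token with $alg",
            'error' );
        return;
    }

    # new_private_key croaks on a malformed key; trap it so the caller
    # gets the same undef result as for an unsupported algorithm
    my $rsa_priv = eval { Crypt::OpenSSL::RSA->new_private_key($priv_key) };
    if ( $@ or !$rsa_priv ) {
        $self->lmLog( "Unable to load private key to sign ID Token: $@",
            'error' );
        return;
    }

    # … unchanged: hash selection, signature and return of the signed token …
```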
|
||||
|
|