feat(jans-cedarling): improve error handling for JWKS responses #9966

Closed
rmarinn opened this issue Oct 29, 2024 · 0 comments · Fixed by #9982
rmarinn commented Oct 29, 2024

Is your feature request related to a problem? Please describe.

Currently, when a jwks_uri returns multiple keys with varying algorithm support, Cedarling stops initialization if any key is associated with an unsupported algorithm. This behavior can lead to unnecessary disruptions in the service.

Describe the solution you'd like

Enhance the error handling mechanism so that Cedarling does not halt initialization when encountering a key from the JWKS with an unsupported algorithm. This improvement will allow for smoother operation and better handling of dynamic key sets.

Describe alternatives you've considered

  • Using Other Libraries: Other libraries are pretty much lacking compared to the jsonwebtoken crate, which is probably why the jsonwebtoken crate has the most recent downloads.
  • Forking the jsonwebtoken Crate and implementing the unsupported algorithm: Modifying the jsonwebtoken crate itself is an option, but it would create maintenance challenges... it's probably better to just wait for an update for now until we really need it.

Additional context

The following algorithms are supported in the test-case server:

  • RS256
  • RS384
  • RS512
  • ES256
  • ES384
  • ES512 (not supported in the jsonwebtoken crate)
  • PS256
  • PS384
  • PS512
  • RSA1_5
  • RSA-OAEP
  • RS256

The following algorithms are supported by the jsonwebtoken crate:

  • HS256
  • HS384
  • HS512
  • ES256
  • ES384
  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512
  • EdDSA
  • RSA1_5
  • RSA-OAEP
  • RSA-OAEP-256

@rmarinn rmarinn added comp-jans-cedarling Touching folder /jans-cedarling enhancement labels Oct 29, 2024
@rmarinn rmarinn self-assigned this Oct 29, 2024
@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Oct 29, 2024
@rmarinn rmarinn linked a pull request Oct 30, 2024 that will close this issue
@moabu moabu added this to the 1.1.6 milestone Nov 6, 2024
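
A sketch of the tolerant loading requested in this issue, as an added example that is not Cedarling's code or the fix in #9982. The `Jwk`, `KeyStore` and `KeyError` types are hypothetical, keys are assumed to be already deserialized, and the algorithm list is copied from the issue text. It goes one step beyond the request by still failing closed when no key is usable and by rejecting a token whose `kid` names a skipped key rather than trying another key.

```rust
use std::collections::HashMap;
// Algorithm names the issue lists as supported by the jsonwebtoken crate.
const SUPPORTED: &[&str] = &[
    "HS256", "HS384", "HS512", "ES256", "ES384", "RS256", "RS384", "RS512",
    "PS256", "PS384", "PS512", "EdDSA", "RSA1_5", "RSA-OAEP", "RSA-OAEP-256",
];

/// Hypothetical, already-deserialized JWKS entry (only the fields used here).
#[derive(Debug, Clone, PartialEq)]
pub struct Jwk { pub kid: String, pub alg: String }

#[derive(Debug, PartialEq)]
pub enum KeyError {
    NoUsableKeys,
    UnsupportedAlg { kid: String, alg: String },
    UnknownKid(String),
}

#[derive(Debug)]
pub struct KeyStore {
    usable: HashMap<String, Jwk>,
    skipped: HashMap<String, String>, // kid -> unsupported alg, kept for diagnostics
}

impl KeyStore {
    /// Load a key set, skipping unsupported keys instead of aborting initialization.
    pub fn load(keys: Vec<Jwk>) -> Result<Self, KeyError> {
        let (mut usable, mut skipped) = (HashMap::new(), HashMap::new());
        for k in keys {
            if SUPPORTED.iter().any(|a| *a == k.alg) {
                usable.insert(k.kid.clone(), k);
            } else {
                eprintln!("warn: skipping JWKS key kid={} alg={}", k.kid, k.alg);
                skipped.insert(k.kid, k.alg);
            }
        }
        // Fail closed: with zero usable keys no token could ever be verified.
        if usable.is_empty() { return Err(KeyError::NoUsableKeys); }
        Ok(Self { usable, skipped })
    }
    /// Resolve a token's `kid`; a skipped or unknown key is an error, never a fallback.
    pub fn key_for(&self, kid: &str) -> Result<&Jwk, KeyError> {
        if let Some(k) = self.usable.get(kid) { return Ok(k); }
        match self.skipped.get(kid) {
            Some(alg) => Err(KeyError::UnsupportedAlg { kid: kid.into(), alg: alg.clone() }),
            None => Err(KeyError::UnknownKid(kid.into())),
        }
    }
}
```

Keeping the skipped `kid` values lets validation report "key present but algorithm unsupported" separately from "unknown key", which is the distinction an operator needs when a token signed with ES512 starts failing.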