undefined | Better HN

story

0 pointscatlifeonmars5y ago0 comments

I noticed after reading your comment that HS256 is marked as “required” for compliant implantations. In practice, I have only ever seen signers implement RS256 though...

0 comments

sascha_sl5y ago

In OIDC you can actually specificy supported key types in the discovery process and the IdP always decides the key type anyway.

HS256 relies in shared secrets, so anyone who can verify a token can also change it. RS256 allows you to download the IdP keychain every once in a while and verify tokens offline.

catlifeonmarsOP5y ago

Yes, that’s what I meant. I only see RS256 implemented by identity providers (and advertised via .well-known/openid-configuration). This makes sense, since most identity providers are decoupled from their clients and thus cannot feasibly share a symmetric key. I am confused what is meant in the JWA specification[1] by “HS256: required” under “implementation requirements” in the table of allowed values (the entry for RS256 reads “recommended” for that column).

[1]: https://tools.ietf.org/html/rfc7518#section-3.1

j / k navigate · click thread line to collapse