oidc: id token signed with unsupported algorithm, expected ["RS256"] got "RS512" #9433

Closed
chmielas opened this issue May 17, 2022 · 1 comment · Fixed by #9761
@chmielas

Checklist:

  • [x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
  • [x] I've included steps to reproduce the bug.
  • [x] I've pasted the output of argocd version.

Describe the bug

When using configuration via native OIDC, it is currently not possible to use encryption algorithms other than RS256 for the ID token.
In such a case, the following error is returned during login:
oidc: id token signed with unsupported algorithm, expected ["RS256"] got "RS512"

This is related to the version of the go-oidc package (v2.1.0) used in ArgoCD.
Please upgrade the go-oidc package to version v2.2.0 or higher, which contains the following fix:
coreos/go-oidc#227

To Reproduce

Update the argocd config with the following configuration:
oidc.config: |
  name: Native OIDC login
  issuer: https://myserver/protocols/oidc
  clientID: xxx-xxx
  clientSecret: yyy
  requestedScopes: ["default", "email", "openid", "profile"]
url: https://argocd.myserver.com/

And log in using OIDC which supports ID token algorithms other than RS256.

Version

v2.1.10

@chmielas chmielas added the bug Something isn't working label May 17, 2022
@crenshaw-dev crenshaw-dev self-assigned this Jun 22, 2022
crenshaw-dev added a commit to crenshaw-dev/argo-cd that referenced this issue Jun 22, 2022
…proj#9433)

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
crenshaw-dev added a commit that referenced this issue Jun 22, 2022
… (#9761)

* fix: respect OIDC providers' supported token signing algorithms (#9433)

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* go mod tidy

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
crenshaw-dev added a commit that referenced this issue Jun 27, 2022
… (#9761)

* fix: respect OIDC providers' supported token signing algorithms (#9433)

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>

* go mod tidy

Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
@crenshaw-dev
Member

Fix was released with 2.4.3.
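
The check behind the error in this issue, as an added example that is not part of the thread and is not code from Argo CD or go-oidc: it derives an algorithm allowlist from the standard `id_token_signing_alg_values_supported` discovery field and rejects a token whose header `alg` is outside it. The function names, the sample discovery document and token, and the policy of dropping `none` and `HS*` are assumptions made for this example.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// allowedAlgs reads id_token_signing_alg_values_supported from a discovery
// document. Example policy (an assumption): drop "none" and HS*, default RS256.
func allowedAlgs(discovery []byte) ([]string, error) {
	var doc struct{ Algs []string `json:"id_token_signing_alg_values_supported"` }
	if err := json.Unmarshal(discovery, &doc); err != nil {
		return nil, err
	}
	out := []string{}
	for _, a := range doc.Algs {
		if a != "none" && !strings.HasPrefix(a, "HS") {
			out = append(out, a)
		}
	}
	if len(out) == 0 {
		out = []string{"RS256"}
	}
	return out, nil
}

// checkAlg rejects a JWT whose header "alg" is not in allowed. It checks the
// header only; signature verification against the provider's keys still follows.
func checkAlg(rawIDToken string, allowed []string) error {
	var h struct{ Alg string `json:"alg"` }
	parts := strings.Split(rawIDToken, ".")
	hdr, err := base64.RawURLEncoding.DecodeString(parts[0])
	if len(parts) != 3 || err != nil || json.Unmarshal(hdr, &h) != nil {
		return fmt.Errorf("malformed JWT")
	}
	for _, a := range allowed {
		if a == h.Alg {
			return nil
		}
	}
	return fmt.Errorf("id token signed with unsupported algorithm, expected %q got %q", allowed, h.Alg)
}

func main() {
	algs, _ := allowedAlgs([]byte(`{"id_token_signing_alg_values_supported":["RS256","RS512","none"]}`))
	tok := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS512"}`)) + ".e30.c2ln" // constructed token
	fmt.Println(algs, checkAlg(tok, algs), checkAlg(tok, []string{"RS256"}))
}
```

With a fixed `["RS256"]` allowlist the RS512 token is rejected with the message quoted in this issue; with the allowlist taken from the discovery document it passes the algorithm check.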
