Strict on which signing algorithm that can be used.

IdentityPython · Mar 16, 2020 · 89dba21 · 89dba21
1 parent fa38178
commit 89dba21
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/oidcservice/oidc/access_token.py b/src/oidcservice/oidc/access_token.py
@@ -31,10 +31,13 @@ def gather_verify_arguments(self):
         :return: dictionary with arguments to the verify call
         """
         _ctx = self.service_context
+        # Default is RS256
+        _allowed_sign_alg = _ctx.registration_response.get("id_token_signed_response_alg", "RS256")
+
         kwargs = {
             'client_id': _ctx.client_id, 'iss': _ctx.issuer,
             'keyjar': _ctx.keyjar, 'verify': True,
-            'skew': _ctx.clock_skew
+            'skew': _ctx.clock_skew, 'allowed_sign_alg': _allowed_sign_alg
         }
 
         for attr, param in IDT2REG.items():