Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13435

token_endpoint_auth_signing_alg_values_supported not populated in the well-known

    Details

    • Target Version/s:
    • Needs backport:
      Yes
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      Similar to OPENAM-13434 but for token_endpoint_auth_signing_alg_values_supported

      token_endpoint_auth_signing_alg_values_supported
      OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used.
      

      Optional doesn't mean we don't have to implement it, it means if it's empty, it has a default value. Here, it's RS256.

      How to reproduce the issue

      call the wellknown:
      https://as.aspsp.ob.forgerock.financial/oauth2/.well-known/openid-configuration

      Expected behaviour
      TOKEN ENDPOINT AUTH SIGNING ALG SUPPORTED
      
      Current behaviour
      Empty
      

      In my OB setup, I would expect AM to return ["RS256","PS256"]

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                phillcunnington Phill Cunnington
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: