The code using "alg" in the jwk parsing is disabled. The alg is determined with the len of the "n" modulus found in the jwk.
Using the modulus len with Google/Microsoft/GitHub oauth/oidc endpoints is working well.
GitLab is actually providing "alg" as "RS256" but the provided "n" modulus len is 512, which causes rsa.Verify to fail.
By using the "alg" value, the verification is done correctly.
In: oidc/internal/jwk/jwk_parse.go, line 79 in be77d2c
RSA private key representation
gitlab keys from oidc configuration url
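
The mismatch reported above can be reproduced with the following added example, which is not the project's code. It assumes the length heuristic maps 256/384/512-byte moduli to SHA-256/384/512 (the hypothetical `hashByModulusLen` table; the issue does not show the real mapping), and `Demo`, `Verify` and the signed message are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 for crypto.Hash.New
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"fmt"
)

// hashByAlg maps the JWK "alg" member to its RSASSA-PKCS1-v1_5 hash (RFC 7518).
var hashByAlg = map[string]crypto.Hash{"RS256": crypto.SHA256, "RS384": crypto.SHA384, "RS512": crypto.SHA512}

// hashByModulusLen is a hypothetical length heuristic (assumed mapping, not the project's code).
var hashByModulusLen = map[int]crypto.Hash{256: crypto.SHA256, 384: crypto.SHA384, 512: crypto.SHA512}

func digest(h crypto.Hash, msg []byte) []byte {
	d := h.New()
	d.Write(msg)
	return d.Sum(nil)
}

// Verify checks an RSASSA-PKCS1-v1_5 signature over msg using hash h.
func Verify(pub *rsa.PublicKey, h crypto.Hash, msg, sig []byte) error {
	return rsa.VerifyPKCS1v15(pub, h, digest(h, msg), sig)
}

// Demo signs a constructed message as RS256 under a 4096-bit key (512-byte modulus),
// then verifies with the hash chosen from "alg" and with the one chosen from the length.
func Demo() (byAlg, byLen, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 4096)
	if err != nil {
		return nil, nil, err
	}
	pub, msg := &key.PublicKey, []byte("constructed.header.payload")
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest(crypto.SHA256, msg))
	if err != nil {
		return nil, nil, err
	}
	hAlg, hLen := hashByAlg["RS256"], hashByModulusLen[pub.Size()]
	return Verify(pub, hAlg, msg, sig), Verify(pub, hLen, msg, sig), nil
}

func main() {
	byAlg, byLen, err := Demo()
	fmt.Println("alg:", byAlg, "| modulus length:", byLen, "| setup:", err)
}
```

Generating the 4096-bit key can take a few seconds. The hash is a property of the signature algorithm, not of the key size, so a verifier should take it from the key's "alg" value and treat a missing or unsupported value as an error.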