-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Labels:None
-
Server Security
-
Fully Compatible
-
Security 2024-02-19
All tokens currently defined in oidc_vars.js are generated using the OIDCsignJWT function, which is always called in this module without the fourth "algorithm" parameter. This means that all test tokens are being signed using the "RS256" algorithm by default, even though the token is meant to be signed with a different digital signature algorithm.