letro/letro-authentication-service
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Convert use case list to bullet points and note the niche private_key_jwt method

Browse Source
This commit is contained in:
Olivier 'reivilibre
2025-12-02 12:22:33 +00:00
parent 53cd956250
commit b7b5dd53bf
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/reference/configuration.md
View File

@@ -238,9 +238,12 @@ The following key formats are supported:
- PKCS#8 PEM or DER-encoded RSA or ECDSA private key, encrypted or not
- SEC1 PEM or DER-encoded ECDSA private key
The signing keys are used for signing ID Tokens (as returned in the [Token Endpoint]
at `/oauth2/token`) and for signing the response of the [UserInfo Endpoint] at
`/oauth2/userinfo` if the client requests a signed response.
The signing keys are used for:
- signing ID Tokens (as returned in the [Token Endpoint] at `/oauth2/token`);
- signing the response of the [UserInfo Endpoint] at `/oauth2/userinfo` if the
client requests a signed response;
- (niche) signing a JWT for authenticating to an upstream OAuth provider when
the `private_key_jwt` client auth method is configured.
At a minimum, an RSA key must be configured in order to be compliant with the
[OpenID Connect Core specification][oidc-core-rs256] which specifies the RS256 algorithm