Skip to content

2.5.1
Compare
Choose a tag to compare
@ramosbugs ramosbugs released this 09 Mar 22:57
· 1 commit to support/2.x since this release
2.5.1
216d7c6

Bug Fixes

  • Don't set empty JWK signing algorithms in Client::new() (#104). This fixes a bug introduced in 2.5.0 (#87) that caused clients constructed via Client::new() not to allow any signature algorithms for ID tokens and user info JWTs unless they manually set the allowed algorithms on the IdTokenVerifier. This patch restores the original behavior of defaulting to accepting only RS256 for clients constructed via Client::new(), as indicated in the spec.

    Clients constructed via Client::from_provider_metadata() will continue to receive the signing algorithms specified in the provider metadata during OpenID Connect Discovery (as introduced in 2.5.0 via #87).

Assets 2
Loading