[GH-ISSUE #5537] [Feature] Support ECDSA based OpenID Connect Algorithms #44037

Closed
opened 2026-04-26 04:55:17 -05:00 by GiteaMirror · 1 comment

Originally created by @leona-ya on GitHub (Aug 10, 2025).
Original GitHub issue: https://github.com/actualbudget/actual/issues/5537

### Verified feature request does not already exist?

- [x] I have searched and found no existing issue

### 💻

- [ ] Would you like to implement this feature?

### Pitch: what problem are you trying to solve?

Currently, Actual requires the use of RS256 type JWTs. As RSA is more and more not the most up-to-date algorithm, and both JWT and OIDC support newer cryptography algs like ECDSA, it would be cool if these were supported. A common OIDC implementation that supports that natively is Keycloak, and almost all other applications I use work with that too.

Currently, it throws an exception:

```
OpenID grant failed: RPError: unexpected JWT alg received, expected RS256, got: ES384
     at Client.validateJWT (/nix/store/2c27wy0p9c500ic9q5d7kjk81x60gzny-actual-server-25.7.1/lib/actual/node_modules/openid-client/lib/client.js:938:13)
     at Client.validateIdToken (/nix/store/2c27wy0p9c500ic9q5d7kjk81x60gzny-actual-server-25.7.1/lib/actual/node_modules/openid-client/lib/client.js:793:60)
     at Client.callback (/nix/store/2c27wy0p9c500ic9q5d7kjk81x60gzny-actual-server-25.7.1/lib/actual/node_modules/openid-client/lib/client.js:532:18)
     at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
     at async loginWithOpenIdFinalize (file:///nix/store/2c27wy0p9c500ic9q5d7kjk81x60gzny-actual-server-25.7.1/lib/actual/packages/sync-server/src/accounts/openid.js:159:24)
     at async file:///nix/store/2c27wy0p9c500ic9q5d7kjk81x60gzny-actual-server-25.7.1/lib/actual/packages/sync-server/src/app-openid.js:72:28 { [ cut for privacy ] }
```

Thank you!

### Describe your ideal solution to this problem

Support `ESxxx` JWT algorithms

### Teaching and learning

I don't really think this needs to be documented, as it's just a small feature that follows from the documentation. But if you decide to not implement this for now, it would be great to have a one-liner explaining to use RS256 only in the docs.
GiteaMirror added the `needs votes` and `feature` labels 2026-04-26 04:55:18 -05:00
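The `expected RS256, got: ES384` error in the trace above comes from a relying party pinning the ID token signing algorithm. The following is an added example, not code from Actual or openid-client: it sketches that check with Node's built-in `crypto` and shows ES384 being accepted through a local allow-list that also ties each `alg` to a key type and curve. All function names, the issuer URL and the claims are constructed for illustration.

```javascript
// Added example (hypothetical names): pin accepted JWS algs on the relying-party side.
const crypto = require('node:crypto');

// JWS alg -> digest plus the key type/curve the verification key must have (RFC 7518).
const ALGS = {
  RS256: { hash: 'sha256', keyType: 'rsa' },
  ES256: { hash: 'sha256', keyType: 'ec', curve: 'prime256v1' },
  ES384: { hash: 'sha384', keyType: 'ec', curve: 'secp384r1' },
};
const b64u = (s) => Buffer.from(s).toString('base64url');

// Constructed signer standing in for the identity provider.
function signJwt(alg, payload, privateKey) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign(ALGS[alg].hash, Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }); // JWS uses raw r||s, not DER
  return `${input}.${sig.toString('base64url')}`;
}

// The accepted algs come from local configuration, never from the token header alone.
function verifyIdToken(token, publicKey, allowedAlgs) {
  const [h, p, s] = token.split('.');
  if (!h || !p || !s) throw new Error('malformed JWT');
  const { alg } = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (!allowedAlgs.includes(alg)) {
    throw new Error(`unexpected JWT alg received, expected ${allowedAlgs.join('|')}, got: ${alg}`);
  }
  const spec = ALGS[alg];
  if (!spec) throw new Error(`unsupported alg: ${alg}`);
  const curve = publicKey.asymmetricKeyDetails?.namedCurve;
  if (publicKey.asymmetricKeyType !== spec.keyType || (spec.curve && curve !== spec.curve)) {
    throw new Error(`key does not match alg ${alg}`);
  }
  const ok = crypto.verify(spec.hash, Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString());
}

// Constructed demo: an ES384 token against an RS256-only client, then an allow-listed one.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp384r1' });
  const token = signJwt('ES384', { iss: 'https://idp.example', sub: 'user-1' }, privateKey);
  let rejected;
  try { verifyIdToken(token, publicKey, ['RS256']); } catch (e) { rejected = e.message; }
  return { rejected, sub: verifyIdToken(token, publicKey, ['RS256', 'ES384']).sub };
}
```

Because the allow-list is explicit, a token whose header says `none`, or an ES384 header paired with a key on a different curve, is rejected before any signature math runs.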

@github-actions[bot] commented on GitHub (Aug 10, 2025):

Thanks for sharing your idea!

This repository uses a voting-based system for feature requests. While enhancement issues are automatically closed, we still welcome feature requests! The voting system helps us gauge community interest in potential features. We also encourage community contributions for any feature requests marked as needing votes (just post a comment first so we can help guide you toward a successful contribution).

The enhancement backlog can be found here: https://github.com/actualbudget/actual/issues?q=label%3A%22needs+votes%22+sort%3Areactions-%2B1-desc+

Don’t forget to upvote the top comment with 👍!


Reference: github-starred/actual#44037