Support RS256/JWKS for signing/verifying OAUTH JWTs #7350

New Issue

GiteaMirror · 2025-11-02T07:23:38-06:00

GiteaMirror commented

2025-11-02 07:23:38 -06:00

Originally created by @techknowlogick on GitHub (May 17, 2021).

Background information on RS256 here: https://auth0.com/blog/navigating-rs256-and-jwks/

Utilizing RS256 (as an option) to sign JWTs means that a shared secret won't need to be shared with applications to verify the validity of the token (likely currently applications assume tokens are valid without checking signature).

Two applications that I tested using our OIDC well-known endpoint, which are Sourcegraph and Smallstep CA, fail due to them needing to verify tokens they receive.

I'm willing to payout a bounty of $100USD on this (minus whatever bogus fees paypal requires), and pay that directly to contributor who completes this ticket. This is instead of using bounty source as they takes slightly more off top than paypal directly (I'm going this way to incentivise completion even slightly more).

cc: @jonasfranz

Edit: For this ticket please also create a jwks_uri and add it to the wellknown oidc endpoint.

Originally created by @techknowlogick on GitHub (May 17, 2021). Background information on RS256 here: https://auth0.com/blog/navigating-rs256-and-jwks/ Utilizing RS256 (as an option) to sign JWTs means that a shared secret won't need to be shared with applications to verify the validity of the token (likely currently applications assume tokens are valid without checking signature). Two applications that I tested using our OIDC well-known endpoint, which are Sourcegraph and Smallstep CA, fail due to them needing to verify tokens they receive. I'm willing to payout a bounty of $100USD on this (minus whatever bogus fees paypal requires), and pay that directly to contributor who completes this ticket. This is instead of using bounty source as they takes slightly more off top than paypal directly (I'm going this way to incentivise completion even slightly more). cc: @jonasfranz Edit: For this ticket please also create a jwks_uri and add it to the wellknown oidc endpoint.

GiteaMirror added the type/feature topic/security labels 2025-11-02 07:23:38 -06:00

GiteaMirror closed this issue

2025-11-02 07:23:38 -06:00

GiteaMirror commented

2025-11-02 07:23:39 -06:00

@KN4CK3R commented on GitHub (May 26, 2021):

I have implemented this and tested it with Sourcegraph:

Currently I create a random RSA key on startup. How should we make this configurable in the app.ini?
As files?

JWT_PUB_KEY_FILE = custom/jwt/key.pub
JWT_PRIV_KEY_FILE = custom/jwt/key.priv

Should both signing methods be available (HS256, RS256)? What should be the default?

@KN4CK3R commented on GitHub (May 26, 2021): I have implemented this and tested it with Sourcegraph: ![grafik](https://user-images.githubusercontent.com/1666336/119709931-10068c80-be5e-11eb-90ff-5de09ef1ab73.png) ![grafik](https://user-images.githubusercontent.com/1666336/119709989-23b1f300-be5e-11eb-80f4-43b3e73408ca.png) Currently I create a random RSA key on startup. How should we make this configurable in the `app.ini`? As files? ``` JWT_PUB_KEY_FILE = custom/jwt/key.pub JWT_PRIV_KEY_FILE = custom/jwt/key.priv ``` Should both signing methods be available (`HS256`, `RS256`)? What should be the default?

GiteaMirror commented

2025-11-02 07:23:39 -06:00

@techknowlogick commented on GitHub (May 26, 2021):

@KN4CK3R ❤️ yeah, I think the same approach that the builtin SSH server has for generating certs is acceptable. I think that RS256 may be a better default, as section 10.2 of the OIDC spec says "symmetric encryption MUST NOT be used by public (non-confidential) Clients because of their inability to keep secrets.", so it'd allow more flexible use cases.

@techknowlogick commented on GitHub (May 26, 2021): @KN4CK3R ❤️ yeah, I think the same approach that the builtin SSH server has for generating certs is acceptable. I think that `RS256` may be a better default, as section 10.2 of the [OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html) says "symmetric encryption MUST NOT be used by public (non-confidential) Clients because of their inability to keep secrets.", so it'd allow more flexible use cases.

GiteaMirror commented

2025-11-02 07:23:39 -06:00

@techknowlogick commented on GitHub (Jun 17, 2021):

To close the loop on this, I've paid out the bounty prior to the merge of this PR. Thanks again to @KN4CK3R for their work on this :)

@techknowlogick commented on GitHub (Jun 17, 2021): To close the loop on this, I've paid out the bounty prior to the merge of this PR. Thanks again to @KN4CK3R for their work on this :)

GiteaMirror commented

2025-11-02 07:23:40 -06:00

@viceice commented on GitHub (Aug 23, 2021):

Will this change invalidate all my api keys? Or can i simply restart my drone ci and it works as before?

Setting JWT_SIGNING_ALGORITHM: HS256 for now, so i don't have this breaking change.

@viceice commented on GitHub (Aug 23, 2021): Will this change invalidate all my api keys? Or can i simply restart my drone ci and it works as before? Setting `JWT_SIGNING_ALGORITHM: HS256` for now, so i don't have this breaking change.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#7350