Add ECDSA support for OIDC id tokens #1048

Merged: sourishkrout merged 1 commit into main from seb/ecdsa on Feb 20, 2026


@sourishkrout (Contributor)

This allows well-knowns to contain not just RSA keys.

Signed-off-by: Sebastian (Tiedtke) Huckleberry <sebastiantiedtke@gmail.com>

Copilot AI left a comment

Pull request overview

This pull request adds ECDSA (Elliptic Curve Digital Signature Algorithm) support to the OIDC authentication implementation, allowing the system to verify JWT tokens signed with ES256, ES384, and ES512 algorithms in addition to the existing RSA support.

Changes:

  • Extended JWKS parsing to handle both RSA and EC (Elliptic Curve) key types
  • Updated token verification to accept both RSA and ECDSA signing methods
  • Enhanced test infrastructure to generate and verify tokens with both signing algorithms

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| pkg/agent/iam/oidc.go | Added EC key parsing in downloadJWKS() with proper curve validation using crypto/ecdh, updated verifyToken() to accept ECDSA signing methods, changed publicKeys map type to any to support both RSA and ECDSA keys, and enhanced TestIDP to generate tokens with both signing methods |
| pkg/agent/iam/oidc_test.go | Added TestOIDC_DownloadJWKS_EC to verify EC key downloading and parsing, and TestOIDC_VerifyToken_ES256 to test ES256 token verification and interoperability with RS256 tokens |
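
An added example, not the code from this pull request: a standard-library sketch of the two checks the overview describes, parsing an EC JWK with curve validation and pinning the token's `alg` to the key's curve. The names `curves`, `parseECJWK` and `algMatchesKey` are hypothetical, and the sample key in `main` is constructed from the P-256 base point.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"encoding/base64"
	"fmt"
	"math/big"
)

// curves maps a JWK "crv" value to its curve and the one JWS alg accepted for it.
var curves = map[string]struct {
	ec  elliptic.Curve
	alg string
}{
	"P-256": {elliptic.P256(), "ES256"},
	"P-384": {elliptic.P384(), "ES384"},
	"P-521": {elliptic.P521(), "ES512"},
}

// parseECJWK (hypothetical) builds an ECDSA key from the crv/x/y members of an EC JWK.
func parseECJWK(crv, x, y string) (*ecdsa.PublicKey, error) {
	c, ok := curves[crv]
	if !ok {
		return nil, fmt.Errorf("unsupported curve %q", crv)
	}
	xb, errX := base64.RawURLEncoding.DecodeString(x)
	yb, errY := base64.RawURLEncoding.DecodeString(y)
	if n := (c.ec.Params().BitSize + 7) / 8; errX != nil || errY != nil || len(xb) != n || len(yb) != n {
		return nil, fmt.Errorf("malformed %s coordinates", crv)
	}
	pub := &ecdsa.PublicKey{Curve: c.ec, X: new(big.Int).SetBytes(xb), Y: new(big.Int).SetBytes(yb)}
	// ECDH() converts through crypto/ecdh, which rejects points that are not on the curve.
	if _, err := pub.ECDH(); err != nil {
		return nil, fmt.Errorf("invalid %s point: %w", crv, err)
	}
	return pub, nil
}

// algMatchesKey (hypothetical) pins the token's alg header to the curve of a parsed key.
func algMatchesKey(alg string, key *ecdsa.PublicKey) bool {
	c, known := curves[key.Params().Name]
	return known && c.alg == alg
}

func main() {
	g, enc := elliptic.P256().Params(), base64.RawURLEncoding.EncodeToString
	key, err := parseECJWK("P-256", enc(g.Gx.Bytes()), enc(g.Gy.Bytes())) // constructed sample key
	fmt.Println(err, algMatchesKey("ES256", key), algMatchesKey("ES384", key))
}
```

Because the key map described above holds values of type `any`, a verifier would also need to confirm the concrete key type (RSA or ECDSA) before calling a check like `algMatchesKey`.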


@sourishkrout merged commit 0a46774 into main on Feb 20, 2026
10 checks passed
@sourishkrout deleted the seb/ecdsa branch on February 20, 2026 20:47