New Features
-
Ignore unrecognized signature algorithms, encryption algorithms, and public keys when parsing provider metadata and JWK sets (#99).
Previously, this crate would return a deserialization error if it encountered any unrecognized signature/encryption algorithms or public keys in the
ProviderMetadataandJsonWebKeySet. This release changes the behavior to instead ignore these unexpected values, with the aim of improving compatibility with OIDC providers that support other algorithms but don't necessarily use them to sign JWTs. The OIDC spec allows for new algorithms and key types to be used, so these OIDC providers are fully compliant with the spec. -
Propagate signature algorithms from OIDC discovery to token verifier (#87). Previously, these had to be configured manually when instantiating the token verifier.
Bug Fixes
- Use
serde_plaininstead of theoauth2crate'svariant_namehelper to convert algorithm names and other values to strings. This should ensure compatibility with arbitrarySerializeimplementations for these types.
Other Changes
- Replace constant time from
ringwithsubtlein preparation for removingringentirely in 3.0 (#89).