[Bug] Token is decrypted using all keys if no key ID matches #3129

Open
pmaytak opened this issue Feb 13, 2025 · 0 comments · May be fixed by #3128
Comments

pmaytak (Contributor) commented Feb 13, 2025

Currently the precedence for token decryption keys is:

  • TokenValidationParameters.TokenDecryptionKeyResolver, if set.
  • TokenValidationParameters.TokenDecryptionKey, if set and key ID matches.
  • TokenValidationParameters.TokenDecryptionKeys, if set and contains any keys where key ID matches.
  • TokenValidationParameters.TokenDecryptionKey, TokenValidationParameters.TokenDecryptionKeys, and TokenDecryptionKeys from configuration.

Signature validation has similar logic and also has a TryAllIssuerSigningKeys flag as a fallback.

Add a TryAllDecryptionKeys flag which, when set, will enable validating tokens if key IDs don't match. If not set, only keys with matching key IDs will be used.

@pmaytak pmaytak added Bug Product is not functioning as expected P1 More important, prioritize highly labels Feb 13, 2025
@pmaytak pmaytak added this to the 8.5.0 milestone Feb 13, 2025
@pmaytak pmaytak self-assigned this Feb 13, 2025
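The four-step precedence in the issue, modelled as an added example (constructed here, not IdentityModel's own code). Key objects are plain records carrying a kid; no real JWE decryption happens. The try_all_decryption_keys attribute stands for the proposed flag: with it set, an unmatched kid falls through to every configured key exactly as the issue describes today's behaviour; with it cleared, only kid-matched keys are returned, so a token whose kid matches nothing (or that carries no kid at all) gets an empty key set and decryption fails closed. The select_decryption_keys function, SecurityKey, TokenValidationParameters and the sample keys are assumptions for this illustration.

```python
"""Model of the decryption-key selection order from issue #3129.

Constructed example, not IdentityModel code. The order implemented is
the one listed in the issue: resolver, single key by kid, key list by
kid, then (only if the proposed flag is set) every key available.
"""
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Optional


@dataclass(frozen=True)
class SecurityKey:
    """Stand-in for an IdentityModel SecurityKey: only the kid matters here."""
    kid: str
    label: str


@dataclass
class TokenValidationParameters:
    """Subset of TokenValidationParameters relevant to decryption-key lookup."""
    token_decryption_key: Optional[SecurityKey] = None
    token_decryption_keys: List[SecurityKey] = field(default_factory=list)
    # Resolver receives the token's kid (a simplification of the real delegate).
    token_decryption_key_resolver: Optional[Callable[[Optional[str]], Iterable[SecurityKey]]] = None
    # Proposed flag. True reproduces the current fall-back-to-everything behaviour.
    try_all_decryption_keys: bool = True


def select_decryption_keys(
    params: TokenValidationParameters,
    configuration_keys: List[SecurityKey],
    token_kid: Optional[str],
) -> List[SecurityKey]:
    """Return the keys a token with header kid=token_kid would be tried against."""
    # 1. An explicit resolver is authoritative; nothing else is consulted.
    if params.token_decryption_key_resolver is not None:
        return list(params.token_decryption_key_resolver(token_kid))

    # 2. The single TokenDecryptionKey, but only on a kid match.
    single = params.token_decryption_key
    if single is not None and token_kid is not None and single.kid == token_kid:
        return [single]

    # 3. Entries in TokenDecryptionKeys whose kid matches.
    matched = [k for k in params.token_decryption_keys
               if token_kid is not None and k.kid == token_kid]
    if matched:
        return matched

    # 4. No kid match: fall back to every key only when the flag allows it.
    #    With the flag cleared this returns [] and decryption fails closed.
    if not params.try_all_decryption_keys:
        return []
    everything: List[SecurityKey] = []
    if single is not None:
        everything.append(single)
    everything.extend(params.token_decryption_keys)
    everything.extend(configuration_keys)
    # Preserve order, drop duplicates (a key may appear in more than one place).
    seen = set()
    return [k for k in everything if not (k in seen or seen.add(k))]


# Constructed sample keys: the current key, a rotated-out key still in the
# list, and a key that arrived through configuration (metadata) only.
KEY_CURRENT = SecurityKey("kid-2025-02", "current")
KEY_ROTATED = SecurityKey("kid-2024-08", "rotated")
KEY_FROM_CONFIG = SecurityKey("kid-metadata", "configuration")
CONFIG_KEYS = [KEY_FROM_CONFIG]


def labels(keys: List[SecurityKey]) -> List[str]:
    return [k.label for k in keys]


def demo() -> dict:
    """Compare today's behaviour with the flag cleared for the same token."""
    unknown_kid = "kid-attacker-chosen"
    current = TokenValidationParameters(KEY_CURRENT, [KEY_ROTATED])
    strict = TokenValidationParameters(KEY_CURRENT, [KEY_ROTATED],
                                       try_all_decryption_keys=False)
    return {
        "matched kid": labels(select_decryption_keys(current, CONFIG_KEYS, KEY_ROTATED.kid)),
        "unknown kid, flag set": labels(select_decryption_keys(current, CONFIG_KEYS, unknown_kid)),
        "unknown kid, flag cleared": labels(select_decryption_keys(strict, CONFIG_KEYS, unknown_kid)),
        "no kid header, flag cleared": labels(select_decryption_keys(strict, CONFIG_KEYS, None)),
    }


if __name__ == "__main__":
    for scenario, keys in demo().items():
        print(f"{scenario:30} -> {keys}")
```

The fourth scenario is the caveat to plan for before turning the flag off: tokens issued without a kid header stop decrypting, so either make the issuer emit kid or supply a TokenDecryptionKeyResolver, which bypasses the kid matching entirely.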