Problem Description
Telegram recently started using the secp256k1 curve (which seems to be a valid choice according to recent changes to the JOSE spec) in their new OIDC provider. This curve is currently not supported by Dex - trying to log in will lead to a 500 Internal Server Error with go-jose errors in the logs.
oidc: failed to verify ID Token: failed to verify signature: fetching keys oidc: failed to decode keys: got Content-Type = application/json, but could not unmarshal as JSON: go-jose/go-jose: unsupported elliptic curve 'secp256k1'
Proposed Solution
A similar issue appeared in Supabase; the proposed solution was to add a separate JWT verifier path for this specific curve.
supabase/auth#2534
Alternatives Considered
No response
Additional Information
No response
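A triage check for the failure reported above, as an added example that is not part of the original issue or of Dex's code: it reads a JWKS document with the standard library only and lists the EC keys whose curve would need a separate verifier path. It assumes the default loader accepts only P-256, P-384 and P-521 for EC keys; `UnsupportedECKeys`, `nistCurves` and `sampleJWKS` are hypothetical names, and the sample key set is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumption: EC curves the default JWKS loader accepts (NIST curves only).
var nistCurves = map[string]bool{"P-256": true, "P-384": true, "P-521": true}

// jwk holds only the fields needed to classify a key.
type jwk struct {
	Kty string `json:"kty"`
	Crv string `json:"crv"`
	Kid string `json:"kid"`
}

// UnsupportedECKeys returns "kid (crv)" for every EC key in a JWKS document
// whose curve is outside the NIST set. Keys are inspected one by one, so a
// single unknown curve does not make the whole set unreadable.
func UnsupportedECKeys(doc []byte) ([]string, error) {
	var set struct {
		Keys []jwk `json:"keys"`
	}
	if err := json.Unmarshal(doc, &set); err != nil {
		return nil, fmt.Errorf("decode JWKS: %w", err)
	}
	var out []string
	for _, k := range set.Keys {
		if k.Kty == "EC" && !nistCurves[k.Crv] {
			out = append(out, fmt.Sprintf("%s (%s)", k.Kid, k.Crv))
		}
	}
	return out, nil
}

// sampleJWKS is constructed for this example; x and y are placeholders,
// not real key material, and are not validated here.
const sampleJWKS = `{"keys":[
 {"kty":"EC","crv":"P-256","kid":"k1","alg":"ES256","x":"placeholder","y":"placeholder"},
 {"kty":"EC","crv":"secp256k1","kid":"k2","alg":"ES256K","x":"placeholder","y":"placeholder"}]}`

func main() {
	bad, err := UnsupportedECKeys([]byte(sampleJWKS))
	if err != nil {
		panic(err)
	}
	fmt.Println("EC keys needing a separate verifier path:", bad)
}
```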