failed to determine a JWS Algorithm to use for private_key_jwt Client Assertion #497

nickbr5 · 2022-06-13T15:43:00Z

nickbr5
Jun 13, 2022

Hi,

We are trying to use the private_key_jwt as token_endpoint_auth_method.

Currently we are stuck on the following error: failed to determine a JWS Algorithm to use for private_key_jwt Client Assertion

If we add token_endpoint_auth_signing_alg: 'EdDSA' to the metadata we still get the error: no key found in client jwks to sign a client assertion with using alg EdDSA.

This is an example of the jwk format we are using:

{
  alg: 'EdDSA',
  crv: 'P-256',
  d: 'ARzYJ9aymc2gQmVMJnkI9j95u9boeIe_4rc_R9IHDb8',
  kty: 'EC',
  x: '3F6j3JdGvxhI91CY6-ONid7mop1Q-PMH_VKY45dQzks',
  y: 's_jicmKxvqpITvnNOHA9AfpEo2QNeld3jtuWKHO1yu0'
}

This is how we import it into the client:

const jwk = JSON.parse(this.config.jwk) as jose.JWK;
return new issuer.Client(metadata, { keys: [jwk] });

Do you have a suggestion what we are doing wrong?

Thank you!

Answered by panva

Jun 13, 2022

You cannot do EdDSA over a P-256 EC key. You need an Ed25519 or Ed448 OKP key.

View full answer

panva · 2022-06-13T15:44:53Z

panva
Jun 13, 2022
Maintainer

You cannot do EdDSA over a P-256 EC key. You need an Ed25519 or Ed448 OKP key.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

failed to determine a JWS Algorithm to use for private_key_jwt Client Assertion #497

{{title}}

Replies: 1 comment

{{title}}

Select a reply

failed to determine a JWS Algorithm to use for private_key_jwt Client Assertion #497

nickbr5 Jun 13, 2022

Replies: 1 comment

panva Jun 13, 2022 Maintainer

nickbr5
Jun 13, 2022

panva
Jun 13, 2022
Maintainer