Add ui and settings for OpenID Signing Algorithm

2025-12-28 14:49:38 +00:00 · 2024-04-03 16:18:13 +02:00 · 2024-04-03 16:18:13 +02:00 · 6c9a811472
commit 6c9a811472
parent 8e46181ba0
3 changed files with 19 additions and 4 deletions
--- a/server/Auth.js
+++ b/server/Auth.js
@ -85,7 +85,8 @@ class Auth {
      token_endpoint: global.ServerSettings.authOpenIDTokenURL,
      userinfo_endpoint: global.ServerSettings.authOpenIDUserInfoURL,
      jwks_uri: global.ServerSettings.authOpenIDJwksURL,
-      end_session_endpoint: global.ServerSettings.authOpenIDLogoutURL
+      end_session_endpoint: global.ServerSettings.authOpenIDLogoutURL,
+      id_token_signed_response_alg: global.ServerSettings.authOpenIDTokenSigningAlgorithm
    }).Client
    const openIdClient = new openIdIssuerClient({
      client_id: global.ServerSettings.authOpenIDClientID,
@ -650,7 +651,8 @@ class Auth {
          token_endpoint: data.token_endpoint,
          userinfo_endpoint: data.userinfo_endpoint,
          end_session_endpoint: data.end_session_endpoint,
-          jwks_uri: data.jwks_uri
+          jwks_uri: data.jwks_uri,
+          id_token_signing_algorithm: data.id_token_signing_alg_values_supported?.[0]
        })
      }).catch((error) => {
        Logger.error(`[Auth] Failed to get openid configuration at "${configUrl}"`, error)
--- a/server/objects/settings/ServerSettings.js
+++ b/server/objects/settings/ServerSettings.js
@ -68,13 +68,14 @@ class ServerSettings {
    this.authOpenIDLogoutURL = null
    this.authOpenIDClientID = null
    this.authOpenIDClientSecret = null
+    this.authOpenIDTokenSigningAlgorithm = 'RS256'
    this.authOpenIDButtonText = 'Login with OpenId'
    this.authOpenIDAutoLaunch = false
    this.authOpenIDAutoRegister = false
    this.authOpenIDMatchExistingBy = null
    this.authOpenIDMobileRedirectURIs = ['audiobookshelf://oauth']
    this.authOpenIDGroupClaim = ''
-    this.authOpenIDAdvancedPermsClaim = '' 
+    this.authOpenIDAdvancedPermsClaim = ''

    if (settings) {
      this.construct(settings)
@ -127,6 +128,7 @@ class ServerSettings {
    this.authOpenIDLogoutURL = settings.authOpenIDLogoutURL || null
    this.authOpenIDClientID = settings.authOpenIDClientID || null
    this.authOpenIDClientSecret = settings.authOpenIDClientSecret || null
+    this.authOpenIDTokenSigningAlgorithm = settings.authOpenIDTokenSigningAlgorithm || 'RS256'
    this.authOpenIDButtonText = settings.authOpenIDButtonText || 'Login with OpenId'
    this.authOpenIDAutoLaunch = !!settings.authOpenIDAutoLaunch
    this.authOpenIDAutoRegister = !!settings.authOpenIDAutoRegister
@ -217,6 +219,7 @@ class ServerSettings {
      authOpenIDLogoutURL: this.authOpenIDLogoutURL,
      authOpenIDClientID: this.authOpenIDClientID, // Do not return to client
      authOpenIDClientSecret: this.authOpenIDClientSecret, // Do not return to client
+      authOpenIDTokenSigningAlgorithm: this.authOpenIDTokenSigningAlgorithm,
      authOpenIDButtonText: this.authOpenIDButtonText,
      authOpenIDAutoLaunch: this.authOpenIDAutoLaunch,
      authOpenIDAutoRegister: this.authOpenIDAutoRegister,
@ -252,7 +255,8 @@ class ServerSettings {
      this.authOpenIDUserInfoURL &&
      this.authOpenIDJwksURL &&
      this.authOpenIDClientID &&
-      this.authOpenIDClientSecret
+      this.authOpenIDClientSecret &&
+      this.authOpenIDTokenSigningAlgorithm
  }

  get authenticationSettings() {
@ -267,6 +271,7 @@ class ServerSettings {
      authOpenIDLogoutURL: this.authOpenIDLogoutURL,
      authOpenIDClientID: this.authOpenIDClientID, // Do not return to client
      authOpenIDClientSecret: this.authOpenIDClientSecret, // Do not return to client
+      authOpenIDTokenSigningAlgorithm: this.authOpenIDTokenSigningAlgorithm,
      authOpenIDButtonText: this.authOpenIDButtonText,
      authOpenIDAutoLaunch: this.authOpenIDAutoLaunch,
      authOpenIDAutoRegister: this.authOpenIDAutoRegister,