ToolJet's OpenID Connect login currently only accepts ID tokens signed with RS256. When the upstream IdP signs tokens with any other algorithm permitted by the OIDC spec, login fails with:
Open ID login failed - unexpected JWT alg received, expected RS256, got: ES384
This blocks integration with IdPs that have moved to ECDSA-based signing (ES256/ES384/ES512) for better performance and shorter keys, or to RSA-PSS (PS256/PS384/PS512). ES* algorithms in particular are increasingly the default in modern IdP deployments and are mandatory-to-implement for OIDC conformance in several profiles.
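The failure above comes from pinning a single expected algorithm. As an added example (not ToolJet's code, and not the code of the OIDC library it uses), the sketch below shows the policy check a relying party can run on the ID token header before signature verification: an operator allowlist of asymmetric algorithms, intersected with what the IdP advertises, with the JWK type and curve bound to the chosen algorithm. The function names, the `allowedAlgs` setting and all sample data are assumptions made for illustration; the error text is modelled on the message quoted above, and signature verification itself is out of scope here.

```javascript
// Added example, not ToolJet code: algorithm policy applied to an ID token
// header before any signature check. All sample data below is constructed.

// Accepted asymmetric JWS algorithms and the JWK shape each one requires.
// "none" and the HMAC family (HS*) are deliberately absent.
const ALG_KEY_REQUIREMENTS = {
  RS256: { kty: 'RSA' }, RS384: { kty: 'RSA' }, RS512: { kty: 'RSA' },
  PS256: { kty: 'RSA' }, PS384: { kty: 'RSA' }, PS512: { kty: 'RSA' },
  ES256: { kty: 'EC', crv: 'P-256' },
  ES384: { kty: 'EC', crv: 'P-384' },
  ES512: { kty: 'EC', crv: 'P-521' },
};

// Build a compact JWS for the demo; the signature part is a dummy value.
function makeSampleToken(header) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc(header)}.${enc({ sub: 'user-1' })}.c2ln`;
}

function decodeHeader(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
}

// Returns the JWK the signature must be verified with, or throws.
// allowedAlgs is the operator's configured list (hypothetical setting).
function selectVerificationKey(jwt, discovery, jwks, allowedAlgs) {
  const { alg, kid } = decodeHeader(jwt);
  if (!allowedAlgs.includes(alg) || !Object.hasOwn(ALG_KEY_REQUIREMENTS, alg)) {
    throw new Error(`unexpected JWT alg received, expected one of ${allowedAlgs.join('/')}, got: ${alg}`);
  }
  if (!(discovery.id_token_signing_alg_values_supported || []).includes(alg)) {
    throw new Error(`alg ${alg} is not advertised by the IdP`);
  }
  const need = ALG_KEY_REQUIREMENTS[alg];
  const key = jwks.keys.find((k) => k.kid === kid && k.kty === need.kty &&
    (!need.crv || k.crv === need.crv) &&   // curve must match the ES* variant
    (!k.alg || k.alg === alg) &&           // honour a key pinned to one alg
    (!k.use || k.use === 'sig'));
  if (!key) throw new Error(`no ${need.kty} key with kid ${kid} usable for ${alg}`);
  return key;
}

// Constructed IdP metadata and JWKS (key coordinates omitted).
const SAMPLE_DISCOVERY = { id_token_signing_alg_values_supported: ['RS256', 'ES384'] };
const SAMPLE_JWKS = { keys: [{ kty: 'EC', crv: 'P-384', kid: 'idp-ec-1', use: 'sig' }] };
```

With `allowedAlgs` set to `['RS256']` the constructed ES384 token is rejected in the same way as in the report; adding `'ES384'` returns the P-384 key, while a header claiming `RS256` against that EC key, or `none`, is still refused.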