- Generate or load RSA keypair for OIDC token signing (OIDC_RSA_PRIVATE_KEY env)
- Add /oidc/jwks endpoint exposing public key in JWK format
- Update discovery document with jwks_uri and RS256 algorithm
- Sign ID tokens and access tokens with RS256 private key
- Verify access tokens with RS256 public key in userinfo
- Fix OIDC_ISSUER default to auth.rspace.online (was auth.ridentity.online)
- Add POST handler for /oidc/userinfo (RFC compliance)
- Add error logging to userinfo endpoint for debugging

Fixes Cloudflare Access OIDC integration which requires asymmetric token signing via JWKS for ID token verification.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>