feat(auth): support RS256 + OIDC discovery (JWKS auto-fetch)
Add Jwt__Algorithm config to choose between HS256 (shared symmetric key, existing behavior, default) and RS256 (Authority-based OIDC discovery, public-key auto-fetch with periodic refresh). RS256 mode makes the server compatible with any standard OAuth 2.1 / OIDC provider (Logto, ZITADEL, Keycloak, Auth0) without requiring a shared secret. HS256 mode remains the default for minimal self-built AS setups.
@@ -16,7 +16,9 @@
|
||||
},
|
||||
|
||||
// JWT 验签配置(生产值必须通过 env 覆盖)
|
||||
// Algorithm: "HS256"(默认,与 AS 共享 SigningKey)或 "RS256"(从 Issuer 走 OIDC discovery 拉 JWKS)
|
||||
"Jwt": {
|
||||
"Algorithm": "HS256",
|
||||
"Issuer": "",
|
||||
"Audience": "obsidian",
|
||||
"SigningKey": {
|
||||
|
||||
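Review bot: the new comment above "Algorithm" says RS256 pulls the JWKS from Issuer via OIDC discovery, but "Issuer": "" is the default in the same block and the commit message calls the discovery source the Authority. Please use one name for it and fail startup when "Algorithm" is "RS256" and that value is empty or not an https URL, rather than starting with no key source. The comment should also state that "SigningKey" is ignored in RS256 mode and that the validator accepts only the configured algorithm, so a token whose header says HS256 is rejected when RS256 is configured. A value other than "HS256" or "RS256" should be a startup error, not a silent fallback to the default.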