Using an ECC certificate for signing the keys #755
Comments
What's the exact exception? Are you using OpenIddict on .NET Framework? If so, what version?
Using OpenIddict with .NET Core 2.2. Retrieving the certificate with:
And then setting it like: `options.AddSigningCertificate(this.RetrieveCertificate());` The exception is the following: `[13:51:50 Error] Microsoft.AspNetCore.Server.Kestrel`
Oh yeah, that's due to IdentityModel, which still doesn't support X.509 EC certificates. To work around this limitation, you can do something like
@brentschmaltz is EC certificate support on your radar?
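The kind of workaround this thread refers to (registering a signing key instead of the certificate, as a later comment mentions), shown as an added example that is not code from this thread or from OpenIddict. `EcSigningKeyExample`, `ToSigningKey` and `AlgorithmFor` are hypothetical names, the certificate is a constructed self-signed one, and the `Microsoft.IdentityModel.Tokens` package is assumed to be referenced.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;

public static class EcSigningKeyExample // hypothetical name, not part of OpenIddict
{
    // Wraps the certificate's EC private key in a SecurityKey that IdentityModel can sign with.
    public static ECDsaSecurityKey ToSigningKey(X509Certificate2 certificate)
    {
        // GetECDsaPrivateKey returns null for RSA certificates or when no private key is present.
        ECDsa ecdsa = certificate.GetECDsaPrivateKey()
            ?? throw new InvalidOperationException("Certificate has no usable ECDsa private key.");

        // Fail at startup, not at first token issuance, if the curve has no matching JWS algorithm.
        AlgorithmFor(ecdsa.KeySize);

        // Reuse the thumbprint as key id so clients can match the key published by discovery.
        return new ECDsaSecurityKey(ecdsa) { KeyId = certificate.Thumbprint };
    }

    // ES256/ES384/ES512 are bound to the P-256/P-384/P-521 curves respectively.
    public static string AlgorithmFor(int keySize)
    {
        switch (keySize)
        {
            case 256: return SecurityAlgorithms.EcdsaSha256;
            case 384: return SecurityAlgorithms.EcdsaSha384;
            case 521: return SecurityAlgorithms.EcdsaSha512;
            default: throw new NotSupportedException($"Unsupported EC key size: {keySize}");
        }
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed P-256 certificate standing in for the real one.
        using (ECDsa generated = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var request = new CertificateRequest("CN=constructed-signing-cert", generated, HashAlgorithmName.SHA256);
            using (X509Certificate2 cert = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
            {
                ECDsaSecurityKey key = ToSigningKey(cert);
                Console.WriteLine($"{key.KeyId} -> {AlgorithmFor(key.KeySize)}");
                // In ConfigureServices this would replace AddSigningCertificate (assumes the
                // AddSigningKey method that accepts a SecurityKey):
                // options.AddSigningKey(ToSigningKey(this.RetrieveCertificate()));
            }
        }
    }
}
```

The `ECDsa` instance obtained from the certificate has to stay undisposed for as long as the server signs tokens with the key.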
Got it working with the code you provided. First I got an exception about Keyset not found, but that was simply because Visual Studio wasn't running in Administrator mode. Still interested in the answer from Brent, so if you don't mind I'll leave it open until he has responded.
Hey, I tried running a client (should have probably done this before) and got the following error now: `fail: Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler[17]` I've changed nothing in the client itself. Should I do this now that I don't use a certificate but only set the SigningKey? I get that this error is coming from IdentityModel, but since @brentschmaltz is already tagged and this issue might also be of significance to OpenIddict, I'll leave it here for now.
@PinpointTownes any update? I think I found the problem that I had. To the client application, this was not required with the RSA certificate I believe.
What
It seems we're using 5.4.0. Will updating it to 5.5 make it possible to leave it up to discovery to get the token? Edit: After updating the client to use 5.5.0 it indeed does not need to be specified explicitly again.
@PinpointTownes @binq1000 I guess the answer to if we support EC is yes :-).
@brentschmaltz actually, EC support is missing in See the exception mentioned earlier: |
When adding an ECC certificate with `AddSigningCertificate`, it will give a `NotSupportedException`. Would it be possible to add support for ECC certificates and maybe add some documentation regarding this?