mirror of
https://github.com/plankanban/planka.git
synced 2026-02-25 11:21:03 +03:00
[Bug]: OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG and OIDC_USERINFO_SIGNED_RESPONSE_ALG not recognized #565
Originally created by @kasrabeheshti on GitHub (Sep 9, 2024).
Where is the problem occurring?
I encountered the problem while interacting with the server (Backend)
What browsers are you seeing the problem on?
No response
Current behaviour
I am using an OIDC provider (Roblox) that uses the ES256 JWT algorithm. In my docker compose file I have the following set:
However, SSO operations are failing and in docker I am getting this error:
[W] Error while exchanging OIDC code: RPError: unexpected JWT alg received, expected RS256, got: ES256
This is the same error I got before and after I set these env variables. Am I setting them incorrectly?
Desired behaviour
No response
Steps to reproduce
Use an OIDC provider that uses ES256 (or perhaps another, like HS256) JWT algo?
Other information
No response
@meltyshev commented on GitHub (Sep 13, 2024):
Hi! Thanks for reporting this. I just tried configuring ES256 for id_token and userinfo in Keycloak and it worked fine. However, I don’t have enough expertise to identify the issue, so I’ll add a "help wanted" label and hopefully someone else can help.
@kasrabeheshti commented on GitHub (Sep 14, 2024):
Thanks! May I ask how you've deployed Planka? I am running in docker and want to try your setup to see if it resolves the issue
@meltyshev commented on GitHub (Sep 14, 2024):
Sure! We also use Docker to run Planka, and we’ve documented all the settings we use in the docs. However, we don’t have an OIDC provider, so we run it separately only when we need to troubleshoot or test issues related to it.
I tried setting the algorithm to a different value than the one configured in the OIDC provider and encountered the same error you did. However, my "expected" value matches exactly what I set in the environment variable, while yours displays a different value, which is odd. Probably there’s another openid client setting we’re missing, or the variables haven’t been set/updated correctly inside the container (you can check it by connecting to the container and executing echo $OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG).
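The check suggested in the last comment, as an added example that is not part of the thread and is not Planka or openid-client code: it compares the `alg` in an ID token's header with the value the process actually sees for the variable. It assumes an unset or empty variable leaves the client on the OIDC default of RS256; the function names and the sample token are constructed for illustration.

```javascript
// Added example, not Planka or openid-client code.
// Assumption: when the variable is unset, the client expects the OIDC default, RS256.
const DEFAULT_ALG = 'RS256';

// Read the alg from a compact JWT's JOSE header (no signature verification).
function jwtHeaderAlg(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
  const header = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (typeof header.alg !== 'string') throw new Error('JOSE header has no alg');
  return header.alg;
}

// Resolve the expected algorithm from the environment the process really has.
function expectedAlg(env, name) {
  const raw = env[name];
  // Unset and empty are treated alike here (assumption).
  if (!raw) return { alg: DEFAULT_ALG, source: 'default (variable unset)' };
  return { alg: raw, source: 'environment' };
}

// Report what would be expected, what the token carries, and whether they agree.
function diagnose(token, env, name = 'OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG') {
  const got = jwtHeaderAlg(token);
  const { alg: expected, source } = expectedAlg(env, name);
  return { name, expected, source, got, match: expected === got };
}

// Constructed sample token: only the header matters, payload and signature are dummies.
function sampleToken(alg) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  return `${enc({ alg, typ: 'JWT' })}.${enc({ sub: 'constructed' })}.c2ln`;
}

const token = sampleToken('ES256');
// Variable not visible to the process: falls back to RS256, mismatch.
console.log(diagnose(token, {}));
// Variable visible to the process: expected value follows it.
console.log(diagnose(token, { OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG: 'ES256' }));
```

Run inside the container with `process.env` in place of the constructed objects, the `source` field shows whether the expected algorithm came from the variable or from the fallback.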