Field "Authentication Signing Algorithm" sent as `authSigningAlgs` instead of `token_endpoint_auth_signing_alg` on Create OAuth2 Client page
jpogorzelski opened this issue · 0 comments
jpogorzelski commented
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
https://serene-engelbart-4fo4ru61cd.projects.oryapis.com
Describe the bug
When private_key_jwt
option is selected as Authentication Method in "Client authentication mechanism" section, the new select box "Authentication Signing Algorithm" appears on a page with list of algorithms.
The selected value is sent to Hydra /clients endpoint as authSigningAlgs
property, which does not exist in OAuth2Client schema. The request is 201, but the field is not present in the response.
I believe the property name in the payload should be token_endpoint_auth_signing_alg
instead.
Reproducing the bug
- Go to new OAuth2 Client creation page https://console.ory.sh/projects//oauth/create
- Fill any client name
- Select JWT Authenticaton (private_key_jwt)
- Select e.g. RS512 in Authentication Signing Algorithm field
- Submit
Relevant log output
No response
Relevant configuration
No response
Version
Ory Network
On which operating system are you observing this issue?
Ory Network
In which environment are you deploying?
Ory Network