Skip to content

feat(signer): support EdDSA for the local token signer#4831

Open
somaz94 wants to merge 1 commit into
dexidp:masterfrom
somaz94:feat/local-signer-eddsa
Open

feat(signer): support EdDSA for the local token signer#4831
somaz94 wants to merge 1 commit into
dexidp:masterfrom
somaz94:feat/local-signer-eddsa

Conversation

@somaz94

@somaz94 somaz94 commented Jun 12, 2026

Copy link
Copy Markdown

Overview

Adds EdDSA (Ed25519) as a signing algorithm for the local token signer, completing #4442. The local signer already supported RS256 and ES256, so this fills in the remaining algorithm requested in the issue.

What this PR does / why we need it

EdDSA produces much smaller signatures than RS256, which matters for setups with a tight token-size budget — the issue describes Argo CD storing tokens as cookies under a 4 KB limit.

  • server/signer/rotation.go: generate an Ed25519 key when the configured algorithm is EdDSA. server/signer/utils.go already maps Ed25519 keys to jose.EdDSA and signPayload is algorithm-generic, so signing, JWKS publication, and the discovery id_token_signing_alg_values_supported value already work once a key is generated.
  • server/signer/local.go and cmd/dex/config.go: accept EdDSA in the local-signer config validation.
  • server/oauth2.go: add EdDSA → SHA-512 to hashForSigAlg so at_hash/c_hash can be computed for EdDSA id_tokens (Ed25519 uses SHA-512 internally).

It also fixes a verifier gap that EdDSA exposes: the id_token_hint, /userinfo, and /token/introspect verifiers build oidc.NewVerifier with an oidc.Config that does not set SupportedSigningAlgs. go-oidc then defaults to RS256 only and rejects ES256/EdDSA Dex-issued tokens with malformed jwt before signerKeySet.VerifySignature ever runs. These three sites now pass the same algorithm list signerKeySet already uses, extracted into a shared supportedSigningAlgs.

Note: this verifier gap also affects ES256 today, not just EdDSA. I included the fix here because EdDSA cannot work end-to-end without it, but I'm happy to split it into a separate PR if you'd prefer to keep this one signer-only.

Closes #4442

Special notes for your reviewer

  • Tests:
    • EdDSA cases added to the local-signer table tests, plus a new TestRotationStrategyForAlgorithm.
    • TestAccessTokenHashEdDSA for the at_hash mapping.
    • TestSignerKeySetWithEdDSALocalSigner and an end-to-end TestValidateIDTokenHintEdDSA that drives the real verifier path. The latter fails against the unpatched verifier with oidc: malformed jwt: unexpected signature algorithm "EdDSA"; expected ["RS256"].
  • go test ./server/... ./cmd/..., golangci-lint run, and gofmt -l are all clean. No new dependencies (Ed25519 is stdlib).

somaz94 added a commit to somaz94/somaz94 that referenced this pull request Jun 12, 2026
@somaz94 somaz94 marked this pull request as ready for review June 17, 2026 02:12

@nabokihms nabokihms left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

guessTokenType (introspectionhandler.go) wasn't touched — still no SupportedSigningAlgs. go-oidc checks the alg before honoring InsecureSkipSignatureCheck, so it defaults to RS256 and an EdDSA token fails to parse. guessTokenType then returns RefreshToken, and a valid EdDSA access token comes back active: false. The introspectAccessToken fix never runs for it (same for ES256).

Same one-line fix as the other sites + an e2e introspection test with EdDSA.

Signed-off-by: somaz <genius5711@gmail.com>
@somaz94 somaz94 force-pushed the feat/local-signer-eddsa branch from a7486b2 to ed39215 Compare June 24, 2026 01:50
@somaz94

somaz94 commented Jun 24, 2026

Copy link
Copy Markdown
Author

Thanks, good catch. That was exactly the path I missed.

Added SupportedSigningAlgs: supportedSigningAlgStrings() to the guessTokenType verifier config in introspectionhandler.go, so an EdDSA (or ES256) access token is no longer mis-classified as a refresh token.

Also added TestHandleIntrospectEdDSA, which drives the full /token/introspect endpoint with an EdDSA-signed access token and asserts active: true (it fails without the fix). Local run:

--- PASS: TestHandleIntrospect (0.01s)
--- PASS: TestHandleIntrospectEdDSA (0.00s)
ok  github.com/dexidp/dex/server

Pushed in ed39215. Ready for another look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Support ES256 or EdDSA key for signing tokens

2 participants