From aaf1b92847a854e54fc6def24746741cd70e0796 Mon Sep 17 00:00:00 2001 From: Tingluo Huang Date: Mon, 7 Apr 2025 11:49:14 -0400 Subject: [PATCH] Set JWT.alg to PS256 with PssPadding. (#3789) --- src/Sdk/WebApi/WebApi/Jwt/JsonWebToken.cs | 6 +++++- src/Sdk/WebApi/WebApi/VssSigningCredentials.cs | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/src/Sdk/WebApi/WebApi/Jwt/JsonWebToken.cs b/src/Sdk/WebApi/WebApi/Jwt/JsonWebToken.cs index 15216cb14..10c25904b 100644 --- a/src/Sdk/WebApi/WebApi/Jwt/JsonWebToken.cs +++ b/src/Sdk/WebApi/WebApi/Jwt/JsonWebToken.cs @@ -25,7 +25,10 @@ namespace GitHub.Services.WebApi.Jwt HS256, [EnumMember] - RS256 + RS256, + + [EnumMember] + PS256, } //JsonWebToken is marked as DataContract so @@ -286,6 +289,7 @@ namespace GitHub.Services.WebApi.Jwt { case JWTAlgorithm.HS256: case JWTAlgorithm.RS256: + case JWTAlgorithm.PS256: return signingCredentials.SignData(bytes); default: diff --git a/src/Sdk/WebApi/WebApi/VssSigningCredentials.cs b/src/Sdk/WebApi/WebApi/VssSigningCredentials.cs index 6b7e0c348..68a99cf70 100644 --- a/src/Sdk/WebApi/WebApi/VssSigningCredentials.cs +++ b/src/Sdk/WebApi/WebApi/VssSigningCredentials.cs @@ -166,6 +166,21 @@ namespace GitHub.Services.WebApi } } + public override JWTAlgorithm SignatureAlgorithm + { + get + { + if (m_signaturePadding == RSASignaturePadding.Pss) + { + return JWTAlgorithm.PS256; + } + else + { + return base.SignatureAlgorithm; + } + } + } + protected override Byte[] GetSignature(Byte[] input) { using (var rsa = m_factory())