From 5b517f9fb4c5f45fbb3536403406d3294aad6538 Mon Sep 17 00:00:00 2001 From: Benjamin Dauvergne Date: Tue, 12 Mar 2019 14:47:50 +0100 Subject: [PATCH] idp_oidc: set default algorithm to HMAC (fixes #28249) --- src/authentic2_idp_oidc/migrations/0001_initial.py | 2 +- src/authentic2_idp_oidc/models.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/authentic2_idp_oidc/migrations/0001_initial.py b/src/authentic2_idp_oidc/migrations/0001_initial.py index a965f0ec..8da764c3 100644 --- a/src/authentic2_idp_oidc/migrations/0001_initial.py +++ b/src/authentic2_idp_oidc/migrations/0001_initial.py @@ -44,7 +44,7 @@ class Migration(migrations.Migration): ('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])), ('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)), ('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])), - ('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])), + ('idtoken_algo', models.PositiveIntegerField(default=2, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])), ('created', models.DateTimeField(auto_now_add=True, verbose_name='created')), ('modified', models.DateTimeField(auto_now=True, verbose_name='modified')), ], diff --git a/src/authentic2_idp_oidc/models.py b/src/authentic2_idp_oidc/models.py index 58775e61..6f7153d8 100644 --- a/src/authentic2_idp_oidc/models.py +++ b/src/authentic2_idp_oidc/models.py @@ -122,7 +122,7 @@ class OIDCClient(Service): return OIDCClient.ALGO_CHOICES idtoken_algo = models.PositiveIntegerField( - default=ALGO_RSA, + default=ALGO_HMAC, choices=get_idtoken_algorithms(), verbose_name=_('IDToken signature algorithm')) has_api_access = models.BooleanField( -- 2.20.1