Can Silhouette only handle JWT tokens signed with HS256?


#1

I have a JWT Token signed with RS256, but I get the exception: The “RS256” algorithm is not accepted by the JWS verifier.

What do I need to do, to make a JWTAuthenticator that can handle RS256 tokens?


#2

@akkie hey there. I was going to ask the same question. It is a shame if various verifiers is not implemented yet :frowning:


#3

Currently the Play Silhouette module uses Atlassian JWT which doesn’t support other algorithms as HMAC SHA-256. I’ve addressed this issue in the framework agnostic version of Silhouette.

@orkunkl I’m so sorry that you are dissatisfied with the library. Currently I’m the only core developer and I work mostly alone on this project in my spare free time. So every help is appreciated. You could migrate the code from the framework agnostic version and provide an alternative package based on the old Atlassian JWT implementation for backward compatibility. Please let me know if I can help you to implement this missing feature.