Strict on which signing algorithm that can be used.

Author: rohe

src/oidcservice/oidc/access_token.py

@@ -31,10 +31,13 @@ def gather_verify_arguments(self):
         :return: dictionary with arguments to the verify call
         """
         _ctx = self.service_context
+        # Default is RS256
+        _allowed_sign_alg = _ctx.registration_response.get("id_token_signed_response_alg", "RS256")
+
         kwargs = {
             'client_id': _ctx.client_id, 'iss': _ctx.issuer,
             'keyjar': _ctx.keyjar, 'verify': True,
-            'skew': _ctx.clock_skew
+            'skew': _ctx.clock_skew, 'allowed_sign_alg': _allowed_sign_alg
         }
 
         for attr, param in IDT2REG.items():