From eb249c4c70340ebd7b0add8f129865721d070a2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Mon, 19 Aug 2024 21:04:21 +0300
Subject: [PATCH] chore(example): add supported signing algorithms to RP
---
 example/client/app/app.go | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/example/client/app/app.go b/example/client/app/app.go
index 448c530..a870e00 100644
--- a/example/client/app/app.go
+++ b/example/client/app/app.go
@@ -11,6 +11,7 @@ import (
 "sync/atomic"
 "time"
+ "github.com/go-jose/go-jose/v4"
 "github.com/google/uuid"
 "github.com/sirupsen/logrus"
@@ -53,7 +54,23 @@ func main() {
 options := []rp.Option{
 rp.WithCookieHandler(cookieHandler),
- rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
+ rp.WithVerifierOpts(
+ rp.WithIssuedAtOffset(5*time.Second),
+ // When the OP uses other signing algorithms then RS256,
+ // We need to tell the RP to accept them.
+ // The actual handshake is done with the "kid" and "alg" header claims.
+ // However, [jose.ParseSigned] needs a list of algorithms we are willing to accept.
+ // This example sets all the algorithms the ZITADEL product supports.
+ rp.WithSupportedSigningAlgorithms(
+ string(jose.EdDSA),
+ string(jose.RS256),
+ string(jose.RS384),
+ string(jose.RS512),
+ string(jose.ES256),
+ string(jose.ES384),
+ string(jose.ES512),
+ ),
+ ),
 rp.WithHTTPClient(client),
 rp.WithLogger(logger),
 }
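Review bot: The comment above `rp.WithSupportedSigningAlgorithms(...)` in the second hunk presents the list as something `jose.ParseSigned` merely needs, but it is in effect the verifier's algorithm allow-list: the `alg` header is read from the token itself, so this list is what bounds which algorithms a token may claim. Because example code tends to be copied as-is, I would say that explicitly and advise narrowing it, e.g. `// Allow-list of ID token signing algorithms; the "alg" header is untrusted input,` followed by `// so keep this to the algorithms your OP advertises (id_token_signing_alg_values_supported).` The list itself is asymmetric-only, with no `none` or HS* entries, which is the right shape for an RP. The same comment has a typo: "then RS256" should read "than RS256". `main` continues outside the hunk, so how the verifier applies the option is not visible here.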