idp_oidc: set default algorithm to HMAC (fixes #28249)

2019-03-12 14:47:50 +01:00 · 2019-03-12 14:47:50 +01:00 · 4a69acd8bd
parent 5a9f70534c
commit 4a69acd8bd
2 changed files with 2 additions and 2 deletions
--- a/src/authentic2_idp_oidc/migrations/0001_initial.py
+++ b/src/authentic2_idp_oidc/migrations/0001_initial.py
@ -44,7 +44,7 @@ class Migration(migrations.Migration):
                ('redirect_uris', models.TextField(verbose_name='redirect URIs', validators=[authentic2_idp_oidc.models.validate_https_url])),
                ('sector_identifier_uri', models.URLField(verbose_name='sector identifier URI', blank=True)),
                ('identifier_policy', models.PositiveIntegerField(default=2, verbose_name='identifier policy', choices=[(1, 'uuid'), (2, 'pairwise'), (3, 'email')])),
-                ('idtoken_algo', models.PositiveIntegerField(default=1, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])),
+                ('idtoken_algo', models.PositiveIntegerField(default=2, verbose_name='IDToken signature algorithm', choices=[(2, 'HMAC')])),
                ('created', models.DateTimeField(auto_now_add=True, verbose_name='created')),
                ('modified', models.DateTimeField(auto_now=True, verbose_name='modified')),
            ],
--- a/src/authentic2_idp_oidc/models.py
+++ b/src/authentic2_idp_oidc/models.py
@ -122,7 +122,7 @@ class OIDCClient(Service):
        return OIDCClient.ALGO_CHOICES

    idtoken_algo = models.PositiveIntegerField(
-        default=ALGO_RSA,
+        default=ALGO_HMAC,
        choices=get_idtoken_algorithms(),
        verbose_name=_('IDToken signature algorithm'))
    has_api_access = models.BooleanField(