I'd like to use a more secure JWS signature algorithm in environments where a high
security level is required, such as the financial industry.
According to the following RFCs, RSASSA-PSS, which PS256 follows, is recommended in
place of RSASSA-PKCS1-v1_5, which RS256 follows.
However, according to the following RFC, ES256 is "Recommended+" while PS256 is
Moreover, it is said that Elliptic Curve based algorithms have an advantage over RSA
based algorithms in the volume of their computation.
Therefore, I've tried to make keycloak support ES256 JWS signature along with existing
I've found that it seemed relatively easy to implement the software components for
ES256 JWS signature, such as a Signature Provider and a Key Provider.
However, it seemed difficult to implement the code that actually calls these providers.
The reasons are as follows:
* a lot of places call these signing and verifying providers.
* these places are hard-coded to be RSA algorithm specific.
To deal with this, the following ideas came to mind:
1. replace RSA algorithm specific codes with signature algorithm independent codes.
2. re-design the JWS signing and verifying scheme at a high level.
I'm not familiar with keycloak internals, so I've implemented ES256 JWS signature
support on the basis of #1 experimentally.
I'm not sure whether this way is appropriate or not. I'd be very happy if keycloak
specialists would consider #2 or review my implementation based on #1.
I've issued a PR as WIP. Please refer to the following for details.
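As an added example, not part of this post or of Keycloak's code, here is what an ES256 signing and verifying provider has to do, using only Go's standard library: the JWS signature must be the raw R||S pair rather than the DER form most crypto APIs return, and the verifier fixes the algorithm and key type itself instead of trusting the token header. The function names and the sample payload in the test are my own assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding

// signES256 builds a JWS compact serialization (RFC 7515) over payload with ECDSA P-256 and SHA-256.
func signES256(key *ecdsa.PrivateKey, payload []byte) (string, error) {
	if key.Curve != elliptic.P256() {
		return "", errors.New("ES256 requires a P-256 key")
	}
	hdr, _ := json.Marshal(map[string]string{"alg": "ES256", "typ": "JWT"})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	// RFC 7518 3.4: the JWS signature is R||S, each left-padded to 32 bytes, not ASN.1 DER.
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyES256 accepts a token only if its header says ES256 and the signature checks against pub; the caller fixes the algorithm, the header is not allowed to choose it.
func verifyES256(token string, pub *ecdsa.PublicKey) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || pub.Curve != elliptic.P256() {
		return false
	}
	hdrBytes, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[2])
	var hdr struct{ Alg string `json:"alg"` }
	if err1 != nil || err2 != nil || len(sig) != 64 ||
		json.Unmarshal(hdrBytes, &hdr) != nil || hdr.Alg != "ES256" {
		return false
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, digest[:], r, s)
}
```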