From ca7837a8e6661144738f464cd2ff61c42423c298 Mon Sep 17 00:00:00 2001
From: Varun Peddina
Date: Thu, 11 Feb 2021 18:28:13 +0530
Subject: [PATCH] [KEYCLOAK-17112] Added realm key algorithm as a config option
---
 middleware/auth-utils/config.js | 6 ++++++
 middleware/auth-utils/grant-manager.js | 3 ++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/middleware/auth-utils/config.js b/middleware/auth-utils/config.js
index 28ab7af2..98522a1b 100644
--- a/middleware/auth-utils/config.js
+++ b/middleware/auth-utils/config.js
@@ -167,6 +167,12 @@ Config.prototype.configure = function configure (config) {
 * @type {Boolean}
 */
 this.verifyTokenAudience = resolveValue(config['verify-token-audience'] || config.verifyTokenAudience || false);
+ /**
+ * Algorithm used for the key
+ * Default: RSA-SHA256
+ * @type {String}
+ */
+ this.publicKeyAlgorithm = resolveValue(config['realm-public-key-algorithm'] || config.realmPublicKeyAlgorithm || 'RSA-SHA256');
 };
 module.exports = Config;
diff --git a/middleware/auth-utils/grant-manager.js b/middleware/auth-utils/grant-manager.js
index 06680dd7..aace015a 100644
--- a/middleware/auth-utils/grant-manager.js
+++ b/middleware/auth-utils/grant-manager.js
@@ -41,6 +41,7 @@ function GrantManager (config) {
 this.notBefore = 0;
 this.rotation = new Rotation(config);
 this.verifyTokenAudience = config.verifyTokenAudience;
+ this.publicKeyAlgorithm = config.publicKeyAlgorithm;
 }
 /**
@@ -440,7 +441,7 @@ GrantManager.prototype.validateToken = function validateToken (token, expectedTy
 reject(new Error('invalid token (wrong audience)'));
 }
 }
- const verify = crypto.createVerify('RSA-SHA256');
+ const verify = crypto.createVerify(this.publicKeyAlgorithm);
 // if public key has been supplied use it to validate token
 if (this.publicKey) {
 try {
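Review bot: The value read from `realm-public-key-algorithm` in `Config.prototype.configure` is stored without validation and, in grant-manager.js, is handed straight to `crypto.createVerify`, so a typo or a weak digest name such as `RSA-SHA1` is accepted silently at configuration time. A check right after the assignment would fail fast, e.g. `if (!['RSA-SHA256', 'RSA-SHA384', 'RSA-SHA512'].includes(this.publicKeyAlgorithm)) throw new Error('unsupported realm-public-key-algorithm');`. The doc comment "Algorithm used for the key" could also state that this is the signature digest name passed to Node's `crypto.createVerify`, not the key type. The same unvalidated value is what the `validateToken` hunk consumes.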
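Review bot: `crypto.createVerify(this.publicKeyAlgorithm)` in `validateToken` throws a TypeError when the field is undefined, which can happen if `GrantManager` is constructed with a config object that did not pass through `Config.prototype.configure`, since the constructor hunk copies the field with no fallback. Keeping the old default at the point of use avoids that: `const verify = crypto.createVerify(this.publicKeyAlgorithm || 'RSA-SHA256');`. The visible lines also do not compare the token's own `alg` header with the configured algorithm. If that check is not done elsewhere in `validateToken`, which continues outside this hunk, a short comment such as `// digest is fixed by configuration; the token's alg header is not consulted` would make the trust decision explicit for the next reader.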