From 3d86ae12bc1724b68d496cedf8f5fde00b4eccf1 Mon Sep 17 00:00:00 2001
From: jiuker <2818723467@qq.com>
Date: Wed, 3 Apr 2024 07:02:35 +0800
Subject: [PATCH] feat: support EdDSA/Ed25519 for oss (#19397)
---
 internal/config/identity/openid/jwks.go | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/internal/config/identity/openid/jwks.go b/internal/config/identity/openid/jwks.go
index 025850ddc..e1c00532d 100644
--- a/internal/config/identity/openid/jwks.go
+++ b/internal/config/identity/openid/jwks.go
@@ -20,6 +20,7 @@ package openid
 import (
 "crypto"
 "crypto/ecdsa"
+ "crypto/ed25519"
 "crypto/elliptic"
 "crypto/rsa"
 "encoding/base64"
@@ -117,6 +118,13 @@ func (key *JWKS) DecodePublicKey() (crypto.PublicKey, error) {
 Y: &y,
 }, nil
 default:
+ if key.Alg == "EdDSA" && key.Crv == "Ed25519" && key.X != "" {
+ pb, err := base64.RawURLEncoding.DecodeString(key.X)
+ if err != nil {
+ return nil, errMalformedJWKECKey
+ }
+ return ed25519.PublicKey(pb), nil
+ }
 return nil, fmt.Errorf("Unknown JWK key type %s", key.Kty)
 }
 }
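Review bot: The new Ed25519 branch under `default:` returns `ed25519.PublicKey(pb)` without checking the decoded length, so a JWKS entry whose `x` decodes to anything other than 32 bytes is handed back as a usable key; `ed25519.Verify` panics on a public key of the wrong size, so whether this later surfaces as an error or a crash depends on checks in the JWT library rather than here. Add `if len(pb) != ed25519.PublicKeySize { return nil, errMalformedJWKECKey }` before the return. The branch is also selected only by `key.Alg` and `key.Crv` inside the fallthrough case: RFC 8037 identifies these keys by `kty` "OKP" and `alg` is optional in a JWK, so an explicit `case "OKP":` that then checks `key.Crv` would reject entries with a mismatched `kty` and accept conforming keys that omit `alg`. The switch header and the rest of DecodePublicKey are outside the hunk, so this assumes the switch is on `key.Kty`, as the error message suggests.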