fix(docs): update the spring boot doc

set the jws algorithm to ES384
logto-io · Nov 21, 2023 · 77c9556 · 77c9556
1 parent d9d3c0a
commit 77c9556
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/docs/docs/recipes/protect-your-api/spring-boot.mdx b/docs/docs/recipes/protect-your-api/spring-boot.mdx
@@ -177,6 +177,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.web.SecurityFilterChain;
 
 @EnableWebSecurity
@@ -194,6 +195,8 @@ public class SecurityConfiguration {
     @Bean
     public JwtDecoder jwtDecoder() {
         NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwksUri)
+                // Logto uses the ES384 algorithm to sign the JWTs by default.
+                .jwsAlgorithm(ES384)
                 // The decoder should support the token type: Access Token + JWT.
                 .jwtProcessorCustomizer(customizer -> customizer.setJWSTypeVerifier(
                         new DefaultJOSEObjectTypeVerifier<SecurityContext>(new JOSEObjectType("at+jwt"))))

diff --git a/versioned_docs/version-1.x/docs/recipes/protect-your-api/spring-boot.mdx b/versioned_docs/version-1.x/docs/recipes/protect-your-api/spring-boot.mdx
@@ -177,6 +177,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.web.SecurityFilterChain;
 
 @EnableWebSecurity
@@ -194,6 +195,8 @@ public class SecurityConfiguration {
     @Bean
     public JwtDecoder jwtDecoder() {
         NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwksUri)
+                // Logto uses the ES384 algorithm to sign the JWTs by default.
+                .jwsAlgorithm(ES384)
                 // The decoder should support the token type: Access Token + JWT.
                 .jwtProcessorCustomizer(customizer -> customizer.setJWSTypeVerifier(
                         new DefaultJOSEObjectTypeVerifier<SecurityContext>(new JOSEObjectType("at+jwt"))))