From 77c955602c19ab2ac0aef6a15ba0f7acac07a0e1 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Tue, 21 Nov 2023 11:12:49 +0800
Subject: [PATCH] fix(docs): update the spring boot doc

set the jws algorithm to ES384
---
 docs/docs/recipes/protect-your-api/spring-boot.mdx             | 3 +++
 .../version-1.x/docs/recipes/protect-your-api/spring-boot.mdx  | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/docs/docs/recipes/protect-your-api/spring-boot.mdx b/docs/docs/recipes/protect-your-api/spring-boot.mdx
index 1e2b8d59546..4d71b9e6ab1 100644
--- a/docs/docs/recipes/protect-your-api/spring-boot.mdx
+++ b/docs/docs/recipes/protect-your-api/spring-boot.mdx
@@ -177,6 +177,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.web.SecurityFilterChain;
 
 @EnableWebSecurity
@@ -194,6 +195,8 @@ public class SecurityConfiguration {
     @Bean
     public JwtDecoder jwtDecoder() {
         NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwksUri)
+                // Logto uses the ES384 algorithm to sign the JWTs by default.
+                .jwsAlgorithm(ES384)
                 // The decoder should support the token type: Access Token + JWT.
                 .jwtProcessorCustomizer(customizer -> customizer.setJWSTypeVerifier(
                         new DefaultJOSEObjectTypeVerifier<SecurityContext>(new JOSEObjectType("at+jwt"))))
diff --git a/versioned_docs/version-1.x/docs/recipes/protect-your-api/spring-boot.mdx b/versioned_docs/version-1.x/docs/recipes/protect-your-api/spring-boot.mdx
index 1e2b8d59546..4d71b9e6ab1 100644
--- a/versioned_docs/version-1.x/docs/recipes/protect-your-api/spring-boot.mdx
+++ b/versioned_docs/version-1.x/docs/recipes/protect-your-api/spring-boot.mdx
@@ -177,6 +177,7 @@ import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.JwtValidators;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.web.SecurityFilterChain;
 
 @EnableWebSecurity
@@ -194,6 +195,8 @@ public class SecurityConfiguration {
     @Bean
     public JwtDecoder jwtDecoder() {
         NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder.withJwkSetUri(jwksUri)
+                // Logto uses the ES384 algorithm to sign the JWTs by default.
+                .jwsAlgorithm(ES384)
                 // The decoder should support the token type: Access Token + JWT.
                 .jwtProcessorCustomizer(customizer -> customizer.setJWSTypeVerifier(
                         new DefaultJOSEObjectTypeVerifier<SecurityContext>(new JOSEObjectType("at+jwt"))))