vit-mistina asked, RakeshJagatap-4451 commented

Is it known when/if Azure AD B2C will support PS512 (RSASSA-PSS) signatures of tokens from identity providers?

Hello there, I've set up a flow and later a matching custom policy with an OIDC identity provider. It is a "bank identity" on the Czech market and I'd like to use this service for "social" sign-up and sign-in.

The issue is they are really serious about security and sign their JWTs with PS512 (RSASSA-PSS) algorithm.

AD B2C fails during signature validation with these errors found in App Insights:
IDX10618: AsymmetricSecurityKey.GetHashAlgorithmForSignature( 'PS512' ) threw an exception.

The algorithm PS512 is not supported for operation GetHashAlgorithmForSignature.

Do you know if there is some public roadmap/backlog? I want to have an idea of whether support for this algorithm is coming in the foreseeable future...

Thank you,
Vit Mistina

azure-ad-b2c
Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

1 Answer

amanpreetsingh-msft answered

Hi @vit-mistina, thank you for reaching out.

If you check the metadata endpoint for your User Flow or for the B2C tenant, the supported token signing algorithm is RS256.

I checked with the B2C product team; there are no plans to add the PS512 (RSASSA-PSS) algorithm as of now.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
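The pre-flight check the answer describes, as an added example that is not part of the original thread or of any Microsoft code: read the identity provider's OIDC discovery document and the JOSE header of a sample id_token, and compare the advertised and actual signing algorithm against the relying party's allowlist before wiring the provider into a policy. The discovery document, the tokens and the allowlist below are constructed for the example; the assumption that B2C accepts from an upstream provider only the algorithm it advertises for its own tokens (RS256) is taken from the answer above, not from documentation. The `check_token_alg` function also shows the habit a verifier should have regardless of provider: the `alg` in the token header is compared against a fixed allowlist rather than trusted on its own.

```python
import base64
import json

# Allowlist of JWS algorithms the relying party will accept. Assumption for this
# example (from the answer above): Azure AD B2C lists only RS256.
B2C_SUPPORTED_ALGS = frozenset({"RS256"})

# Constructed sample of an identity provider's discovery document, reduced to
# the fields that matter here. A real one is fetched from
# <issuer>/.well-known/openid-configuration.
SAMPLE_IDP_DISCOVERY = {
    "issuer": "https://idp.example",
    "jwks_uri": "https://idp.example/jwks",
    "id_token_signing_alg_values_supported": ["PS512"],
}


def b64url_encode(data: bytes) -> str:
    """base64url without padding, as JOSE serialises segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding JOSE strips, then decode."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def make_unverified_token(header: dict, payload: dict) -> str:
    """Build a compact JWS with a dummy signature. Only the header is inspected
    below; this is NOT a signed token and must never be accepted as one."""
    dummy_signature = b"\x00" * 8  # constructed placeholder, not a real signature
    return ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    ) + "." + b64url_encode(dummy_signature)


# Constructed sample tokens: what a PS512-signing bank IdP would issue, and an
# RS256 token for comparison.
SAMPLE_PS512_TOKEN = make_unverified_token(
    {"alg": "PS512", "typ": "JWT", "kid": "bank-signing-1"},
    {"iss": "https://idp.example", "sub": "user-42"},
)
SAMPLE_RS256_TOKEN = make_unverified_token(
    {"alg": "RS256", "typ": "JWT", "kid": "bank-signing-2"},
    {"iss": "https://idp.example", "sub": "user-42"},
)


def jwt_header(token: str) -> dict:
    """Return the JOSE header of a compact JWS without verifying anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected three segments)")
    return json.loads(b64url_decode(parts[0]))


def discovery_alg_overlap(discovery: dict, supported: frozenset) -> set:
    """Algorithms both advertised by the IdP and accepted by the relying party.
    An empty set means every id_token from this IdP will fail signature
    validation, which is the situation described in the question."""
    advertised = set(discovery.get("id_token_signing_alg_values_supported", []))
    return advertised & supported


def check_token_alg(token: str, supported: frozenset) -> str:
    """Enforce the allowlist on the header's alg. 'none' and anything outside
    the allowlist are rejected before any key lookup or signature check, so
    the header cannot steer the verifier to a weaker algorithm."""
    alg = jwt_header(token).get("alg")
    if not isinstance(alg, str) or alg == "none" or alg not in supported:
        raise ValueError(
            f"alg {alg!r} is not in the allowlist {sorted(supported)}"
        )
    return alg


if __name__ == "__main__":
    overlap = discovery_alg_overlap(SAMPLE_IDP_DISCOVERY, B2C_SUPPORTED_ALGS)
    print("usable signing algorithms:", sorted(overlap) or "none")
    for token in (SAMPLE_PS512_TOKEN, SAMPLE_RS256_TOKEN):
        try:
            print("accepted:", check_token_alg(token, B2C_SUPPORTED_ALGS))
        except ValueError as exc:
            print("rejected:", exc)
```

Run against a real provider, the first function tells you up front whether any algorithm overlap exists, before a sign-in attempt surfaces as an IDX10618-style error in the logs; if the overlap is empty and the provider cannot be configured to also offer RS256, the integration cannot succeed with the verifier's current allowlist.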
