Skip to content

Add Support for ECDSA-based Signatures of OIDC Tokens #1211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks
garysassano opened this issue Nov 25, 2024 · 2 comments
Closed
2 tasks

Add Support for ECDSA-based Signatures of OIDC Tokens #1211

garysassano opened this issue Nov 25, 2024 · 2 comments
Labels
feature-request A feature should be added or improved.

Comments

@garysassano
Copy link

Describe the feature

I would like to request support for ECDSA-based signatures of OpenID Connect (OIDC) tokens in the configure-aws-credentials GitHub Action. AWS STS recently announced support for ECDSA signatures, allowing users to choose between RSA and ECDSA keys for signing OIDC JWTs.

For more details, please refer to the AWS announcement.

Use Case

This enhancement would improve security and flexibility for users who want to leverage ECDSA's strong security with smaller key sizes compared to RSA. It would also allow users to adopt this feature without any changes to their existing AWS IAM configurations.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@garysassano garysassano added feature-request A feature should be added or improved. needs-triage This issue still needs to be triaged labels Nov 25, 2024
@kellertk
Copy link
Member

kellertk commented Dec 2, 2024

Does GitHub support ECDSA-signed JWTs? https://token.actions.githubusercontent.com/.well-known/openid-configuration shows that the supported algorithm is RS256 only. As far as I can tell neither the @actions/core toolkit nor GitHub support ECDSA keys yet. Presently this action only supports getting a token from GitHub's OIDC provider.

@kellertk kellertk removed the needs-triage This issue still needs to be triaged label Dec 2, 2024
@kellertk kellertk closed this as not planned Won't fix, can't repro, duplicate, stale Dec 2, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 2, 2024

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kellertk @garysassano