OIDC auth flow JWT/JWKS library only supports RSA Keytypes for JWKS #783

@juliankrieger

Cosmian kms makes use of alcoholic_jwt to parse the JWKS here:

let jwks: JWKS = match serde_json::from_value(jwks_val) {

Unfortunately the only KeyType supported by alcoholic_jwt is RSA. It's very strict in its parsing so the following keyset throws an error:

"keys": [
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "sig",
      "kid": "defaultRSASign",
      "n": "p3A7_E005G5ymN8a9svdGHkpLtaxK-yRvQ9zg7h2oMcti3PSrl-2phXw-6Ot6LDUqDC9zHXUCSbK3g-bjJ6C5VWo8rARuSCl1z4qR5TimkIlMFOr1bIonbI3f6WgaYOPLPdyqWBAYU5LQ1OfsTxV9MJ_Cjq0Yhzo7gohkSICJSBzvPByy95G7ll6RJh0c7Hp63zEA1hkyoxuzv1c34oSB5wsfOkWh8FwcyPsqUOp-dojaJmLN4rIFxjFgAaX-aAfGFfHhPAZLtLEpFF-pK-kczHx65YIW7N_3YYcPgLmcY0YNiCZRdhpzDRqQJMyoLEj2nQeMMQHjnKzTM7gkrmDLw"
    },
    {
      "kty": "EC",
      "use": "sig",
      "crv": "P-256",
      "kid": "defaultECSign",
      "x": "IIBe-8o4rTauM4W-4dzxU3tV5R0fA2-HrpIqmyNlgcY",
      "y": "7AzzxpO9KelOfCUh_ueqnBtt7wXqpnE6Kvj-4w63b7s"
    },
    {
      "kty": "RSA",
      "e": "AQAB",
      "use": "enc",
      "kid": "defaultRSAEnc",
      "n": "htIQKGQdPSRaEJLTzbY5reXny7DottdXAI6qPt2K2MmGa9ZXd8lWZQyWi-LeeBV4Z0m2HWBaPT2dZd8Vvvj5Nx8ETEr8exBCVrF5XXtWDueHeoT94ZKwz60i0mMl02tBbLKn77eQN-Kxb7p20ptSi5E-tECHKOVxYkANx2S0ry-Fw6uF1j0o6orD67oh7DKcmuchzf4zxMs0jnJwMGy6s8SFdsQUxX0r8DuSZcm3eFz9hF90QqI5cOqjlpcSfbDSEaadwNTZao11Stz7hTb2KaLB1oXwEJvdubDKDfZ5CgahDZWnXgBVSqq9KXnP3q70eaSOTfLIXNWuPCV1WFKNJw"
    }
]

Is there any interest in getting this to work with EC keys? I think the ecosystem has matured past the crate onto jsonwebtoken - which does support more modern key formats.

I would be willing to do the work.
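
The failure described in this issue next to a tolerant alternative, as an added Python example (not Cosmian KMS or alcoholic_jwt code): `load_strict` models the reported all-or-nothing behaviour, `load_tolerant` skips keys it cannot use for signature verification, as RFC 7517 section 5 recommends for keys that are not understood, and `select_key` ties the token's `alg` to the key's `kty`. All function names and the placeholder key material are assumptions made for the example.

```python
import base64
import json

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_len(s):  # decoded length of unpadded base64url text, -1 if malformed
    try:
        return len(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)))
    except ValueError:
        return -1

# Constructed keyset: kid/kty/use/crv mirror the issue's JWKS; key material is placeholder bytes.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kty": "RSA", "e": "AQAB", "use": "sig", "kid": "defaultRSASign", "n": b64u(b"\x01" * 256)},
    {"kty": "EC", "use": "sig", "crv": "P-256", "kid": "defaultECSign",
     "x": b64u(b"\x02" * 32), "y": b64u(b"\x03" * 32)},
    {"kty": "RSA", "e": "AQAB", "use": "enc", "kid": "defaultRSAEnc", "n": b64u(b"\x04" * 256)},
]})
REQUIRED = {"RSA": ("n", "e"), "EC": ("crv", "x", "y")}       # members per RFC 7518
ALGS = {"RSA": {"RS256", "RS384", "RS512"}, "EC": {"ES256"}}  # EC limited to P-256 here

def load_strict(jwks_json):
    """Model of the reported behaviour: one non-RSA key rejects the whole set."""
    keys = json.loads(jwks_json)["keys"]
    if any(jwk.get("kty") != "RSA" for jwk in keys):
        raise ValueError("unsupported kty in key set")
    return keys

def usable(jwk):
    """True if kty is understood and required members are well formed (P-256: 32-byte x, y)."""
    kty = jwk.get("kty")
    if kty not in REQUIRED or not all(isinstance(jwk.get(m), str) for m in REQUIRED[kty]):
        return False
    return kty != "EC" or (jwk["crv"] == "P-256" and all(b64u_len(jwk[c]) == 32 for c in "xy"))

def load_tolerant(jwks_json):
    """Keep usable signature keys by kid; skip the rest instead of failing the set."""
    keys, skipped = {}, []
    for jwk in json.loads(jwks_json).get("keys", []):
        if "kid" in jwk and jwk.get("use", "sig") == "sig" and usable(jwk):
            keys[jwk["kid"]] = jwk
        else:
            skipped.append(jwk.get("kid"))
    return keys, skipped

def select_key(keys, header):
    """Look up the key by kid and refuse an alg that does not match its kty."""
    jwk = keys.get(header.get("kid"))
    return jwk if jwk and header.get("alg") in ALGS[jwk["kty"]] else None
```

Signature verification itself is out of scope here; the selected JWK would be handed to a JWT library that supports its key type.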
