Skip to content

fix: Add EC curve-based algorithm selection for JWT#850

Merged
edwinjosechittilappilly merged 4 commits into
jwt-algfrom
fix-alg
Jan 27, 2026
Merged

fix: Add EC curve-based algorithm selection for JWT#850
edwinjosechittilappilly merged 4 commits into
jwt-algfrom
fix-alg

Conversation

@edwinjosechittilappilly

@edwinjosechittilappilly edwinjosechittilappilly commented Jan 26, 2026

Copy link
Copy Markdown
Collaborator

This pull request introduces an important update to JWT signing algorithm selection and a minor adjustment to the integration test workflow. The main enhancement is improved handling of elliptic curve keys to select the appropriate JWT algorithm based on the specific curve, ensuring better standards compliance and error handling.

JWT Signing Improvements:

  • Updated the _configure_jwt_signing method in src/session_manager.py to select the JWT algorithm (ES256, ES384, or ES512) based on the exact elliptic curve used (SECP256R1, SECP384R1, or SECP521R1), and to raise a clear error for unsupported curves.

CI Workflow Maintenance:

  • Changed the integration test workflow in .github/workflows/test-integration.yml to use the newer docker compose command instead of the deprecated docker-compose.

Updated the SessionManager to select the JWT algorithm based on the specific elliptic curve used in the EC private key, supporting ES256, ES384, and ES512. Raises an error for unsupported curves.
Changed the test-integration workflow to run on ubuntu-latest instead of a self-hosted ARM64 runner. Added a step to install docker-compose to ensure it is available in the CI environment.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request improves the JWT signing configuration to support EC curve-based algorithm selection and modernizes the CI/CD integration test workflow. The changes enhance security by automatically selecting the appropriate JWT algorithm based on the EC private key's curve type, and improve workflow portability by migrating from a self-hosted ARM64 runner to ubuntu-latest.

Changes:

  • Enhanced EC JWT signing to automatically select ES256, ES384, or ES512 based on the curve type (SECP256R1, SECP384R1, or SECP521R1)
  • Migrated integration test workflow from self-hosted ARM64 runner to ubuntu-latest for improved portability
  • Added docker-compose installation step to ensure dependencies are available

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/session_manager.py Implements curve-based algorithm selection for EC keys with proper error handling for unsupported curves
.github/workflows/test-integration.yml Updates runner to ubuntu-latest and adds docker-compose installation step

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/test-integration.yml Outdated
Comment thread src/session_manager.py
Changed the test-integration workflow to run on a self-hosted ARM64 runner with specific labels instead of ubuntu-latest. This enables testing in an environment closer to production or with required hardware resources.
@edwinjosechittilappilly edwinjosechittilappilly merged commit ee4cb4c into jwt-alg Jan 27, 2026
1 check failed
@edwinjosechittilappilly edwinjosechittilappilly deleted the fix-alg branch January 27, 2026 17:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants