Description
Preflight Checklist
- I agree to follow the Code of Conduct that this project adheres to.
- I have searched the issue tracker for an issue that matches the one I want to file, without success.
Problem Description
We use Dex integrated with ArgoCD, where tokens are stored as cookies and are subject to a 4KB limit. Since the token must contain all of a user's group memberships, we frequently approach this limit.
Currently, Dex uses RS256 for signing, which adds about 344 bytes of overhead for the signature alone. It would be great if Dex could support ES256 or EdDSA for signing. This would reduce the signature size to roughly 87 bytes, freeing up approximately 257 bytes. We consider this a significant saving given the strict 4KB limit.
In addition to the smaller signature size, we believe other users may prefer these algorithms for their speed or specific security requirements.
Proposed Solution
Make signing key algorithm ES256 or EdDSA by default, or make them available by configuration.
Alternatives Considered
No response
Additional Information
No response
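The signature-size difference described in the issue can be measured directly. The following is an added example, not code from the issue or from Dex: it signs a constructed JWS signing input with RS256, ES256 and EdDSA using only the Go standard library and returns the length of the resulting base64url signature segment. The function name `SigSegmentLen`, the sample input and the 2048-bit RSA key size are assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// SigSegmentLen returns the unpadded base64url length of a JWS signature made with a fresh key.
func SigSegmentLen(alg string, signingInput []byte) (n int, err error) {
	var sig []byte
	digest := sha256.Sum256(signingInput)
	switch alg {
	case "RS256": // RSASSA-PKCS1-v1_5 with SHA-256; the 2048-bit modulus is an assumption
		var key *rsa.PrivateKey
		if key, err = rsa.GenerateKey(rand.Reader, 2048); err == nil {
			sig, err = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
		}
	case "ES256": // JWS carries fixed-width R||S (32+32 bytes), not ASN.1 DER
		key, e := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if e != nil {
			return 0, e
		}
		r, s, e := ecdsa.Sign(rand.Reader, key, digest[:])
		if err = e; err == nil {
			sig = append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
		}
	case "EdDSA": // Ed25519 signs the message directly, with no separate pre-hash
		var key ed25519.PrivateKey
		if _, key, err = ed25519.GenerateKey(rand.Reader); err == nil {
			sig = ed25519.Sign(key, signingInput)
		}
	default:
		err = fmt.Errorf("unsupported alg %q", alg)
	}
	return base64.RawURLEncoding.EncodedLen(len(sig)), err
}

func main() {
	for _, alg := range []string{"RS256", "ES256", "EdDSA"} {
		n, err := SigSegmentLen(alg, []byte("constructed.signing-input"))
		fmt.Println(alg, n, err)
	}
}
```

The RSA figure scales with the modulus size, while the ES256 and Ed25519 signatures are a fixed 64 bytes regardless of how many group claims the token carries.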