AshAuthentication "EdDSA" algorithm not working

Hey there :slight_smile:

We started using AshAuthentication to implement SSO with Rauthy as OIDC provider in our dev setup. In Rauthy I can choose “EdDSA”, so for my OIDC strategy I set id_token_signed_response_alg "EdDSA", but I get the following error:

[error] ** (FunctionClauseError) no function clause matching in Assent.JWTAdapter.AssentJWT.verify_message/4

Can somebody help me out? Is this an issue with my Rauthy configuration or is anyone else facing the same issue?
Choosing RS256 is working fine.

Best regards and thanks in advance!

What is the stack trace on the error?

[error] ** (FunctionClauseError) no function clause matching in Assent.JWTAdapter.AssentJWT.verify_message/4
    (assent 0.2.13) lib/assent/jwt_adapter/assent_jwt.ex:243: Assent.JWTAdapter.AssentJWT.verify_message("eyJhbGciOiJFZERTQSIsImtpZCI6IjJSZkJzR1d2b09xeG1WZTlucXFTODNyTiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NTA2ODE2OTksIm5iZiI6MTc1MDY4MTY5OSwiZXhwIjoxNzUwNjgzNDk5LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC92MSIsImF1ZCI6Im12Iiwic3ViIjoieWRoelNsNkFoSHFGZFk2aG9uM3pMUjVjIiwidHlwIjoiSWQiLCJhenAiOiJtdiIsInNjb3BlIjoib3BlbmlkIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW5AbG9jYWxob3N0IiwiYW1yIjpbInB3ZCJdLCJhdXRoX3RpbWUiOjE3NTA2ODE2OTksImF0X2hhc2giOiJPNEsweWVraTFEbEJOenc2UjVyWkVaTkxRaEZVOVJzWFZyQ3hIWHQxVFpRIiwic2lkIjoiZ0xDY1B4RUVuMGJWd0pQeTNpa0lPSWIwRG5lbnU1NGoiLCJub25jZSI6InN1QnlJSVBjWXdCdFRBaW1qTkdKTVEiLCJyb2xlcyI6WyJyYXV0aHlfYWRtaW4iLCJhZG1pbiJdfQ", <<22, 212, 17, 15, 242, 194, 83, 153, 181, 180, 241, 92, 238, 104, 246, 152, 133, 203, 4, 249, 211, 224, 221, 157, 158, 14, 108, 36, 31, 116, 231, 7, 208, 38, 201, 119, 251, 219, 167, 42, 151, 70, 167, 63, 240, 165, 151, 11, 189, 254, ...>>, "EdDSA", %{"alg" => "EdDSA", "crv" => "Ed25519", "kid" => "2RfBsGWvoOqxmVe9nqqS83rN", "kty" => "OKP", "x" => "suXSvDkHWWx686g8EcwrcnCN7SH_0nwDvKqzshvpy3Q"})
    (assent 0.2.13) lib/assent/jwt_adapter/assent_jwt.ex:229: Assent.JWTAdapter.AssentJWT.do_verify/5
    (assent 0.2.13) lib/assent/jwt_adapter/assent_jwt.ex:149: Assent.JWTAdapter.AssentJWT.verify/3
    (assent 0.2.13) lib/assent/strategies/oidc.ex:311: Assent.Strategy.OIDC.validate_id_token/2
    (assent 0.2.13) lib/assent/strategies/oidc.ex:279: Assent.Strategy.OIDC.fetch_user/2
    (assent 0.2.13) lib/assent/strategies/oauth2.ex:387: Assent.Strategy.OAuth2.fetch_user_with_strategy/3
    (ash_authentication 4.9.3) lib/ash_authentication/strategies/oauth2/plug.ex:60: AshAuthentication.Strategy.OAuth2.Plug.callback/2
    (ash_authentication 4.9.3) lib/ash_authentication/plug/dispatcher.ex:30: AshAuthentication.Plug.Dispatcher.call/2
    (phoenix 1.7.21) lib/phoenix/router/route.ex:42: Phoenix.Router.Route.call/2
    (phoenix 1.7.21) lib/phoenix/router.ex:484: Phoenix.Router.__call__/5
    (mv 0.1.0) lib/mv_web/endpoint.ex:1: MvWeb.Endpoint.plug_builder_call/2
    (mv 0.1.0) deps/plug/lib/plug/debugger.ex:155: MvWeb.Endpoint."call (overridable 3)"/2
    (mv 0.1.0) lib/mv_web/endpoint.ex:1: MvWeb.Endpoint.call/2
    (phoenix 1.7.21) lib/phoenix/endpoint/sync_code_reload_plug.ex:22: Phoenix.Endpoint.SyncCodeReloadPlug.do_call/4
    (bandit 1.7.0) lib/bandit/pipeline.ex:131: Bandit.Pipeline.call_plug!/2
    (bandit 1.7.0) lib/bandit/pipeline.ex:42: Bandit.Pipeline.run/5
    (bandit 1.7.0) lib/bandit/http1/handler.ex:13: Bandit.HTTP1.Handler.handle_data/3
    (bandit 1.7.0) lib/bandit/delegating_handler.ex:18: Bandit.DelegatingHandler.handle_data/3
    (bandit 1.7.0) lib/bandit/delegating_handler.ex:8: Bandit.DelegatingHandler.handle_info/2
    (stdlib 6.2.2) gen_server.erl:2345: :gen_server.try_handle_info/3

Interesting, it may not be supported by assent: assent/lib/assent/jwt_adapter/assent_jwt.ex at v0.3.1 · pow-auth/assent · GitHub

@jimsynz knows more about how this all fits together than I do though, I’ll see if he has a few to look.

Yeah, for this stuff we just delegate to assent to do it, so I think opening an issue with them is the way to go.

Okay, I will do so! Thanks for your support :slight_smile:
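For reference, an added example (not part of the thread, and not code from Assent or AshAuthentication) of what verifying an `EdDSA` ID token against an OKP/Ed25519 JWK like the one in the stack trace involves, with the accepted algorithm pinned on the verifier side rather than taken from the token header. It assumes Elixir 1.18+ for the built-in `JSON` module and an OTP release whose `:crypto` supports Ed25519; the module name `EdDSAJWTExample`, the key pair and the tokens are constructed for the demonstration.

```elixir
defmodule EdDSAJWTExample do
  # Added illustration; hypothetical module, not Assent or AshAuthentication code.
  # Verifies a compact JWS signed with Ed25519 (JOSE alg "EdDSA", RFC 8037)
  # against an OKP JWK shaped like the one in the stack trace.
  @allowed_algs ["EdDSA"]

  def verify(token, %{"kty" => "OKP", "crv" => "Ed25519", "x" => x}) do
    with [h64, p64, s64] <- String.split(token, "."),
         {:ok, header_json} <- dec(h64),
         {:ok, %{"alg" => alg}} <- JSON.decode(header_json),
         # Reject "none", RS256, etc.: the verifier decides, not the header.
         true <- alg in @allowed_algs,
         {:ok, sig} <- dec(s64),
         {:ok, pub} <- dec(x),
         # Ed25519 signatures are 64 bytes, public keys 32 bytes.
         true <- byte_size(sig) == 64 and byte_size(pub) == 32,
         # The signature covers the base64url text "header.payload" as sent.
         true <- :crypto.verify(:eddsa, :none, h64 <> "." <> p64, sig, [pub, :ed25519]),
         {:ok, payload_json} <- dec(p64),
         {:ok, claims} <- JSON.decode(payload_json) do
      {:ok, claims}
    else
      _ -> {:error, :invalid_token}
    end
  end

  def verify(_token, _jwk), do: {:error, :unsupported_key}

  defp dec(segment), do: Base.url_decode64(segment, padding: false)
end

# Constructed key pair and tokens, for the demonstration only.
b64 = &Base.url_encode64(&1, padding: false)
{pub, priv} = :crypto.generate_key(:eddsa, :ed25519)
jwk = %{"kty" => "OKP", "crv" => "Ed25519", "alg" => "EdDSA", "x" => b64.(pub)}

header = b64.(JSON.encode!(%{"alg" => "EdDSA", "typ" => "JWT"}))
payload = b64.(JSON.encode!(%{"sub" => "constructed-user"}))
sig = b64.(:crypto.sign(:eddsa, :none, header <> "." <> payload, [priv, :ed25519]))

valid = Enum.join([header, payload, sig], ".")
forged = Enum.join([header, b64.(JSON.encode!(%{"sub" => "someone-else"})), sig], ".")
alg_none = Enum.join([b64.(JSON.encode!(%{"alg" => "none"})), payload, sig], ".")

IO.inspect(EdDSAJWTExample.verify(valid, jwk), label: "valid token")
IO.inspect(EdDSAJWTExample.verify(forged, jwk), label: "payload swapped")
IO.inspect(EdDSAJWTExample.verify(alg_none, jwk), label: "alg none header")
IO.inspect(EdDSAJWTExample.verify(valid, %{"kty" => "RSA"}), label: "non-OKP key")
```

This covers the signature check only; an OIDC client still has to validate `iss`, `aud`, `exp` and `nonce` on the returned claims.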