🐛 fix: use OpenID token signature algo as discovered from the server (danny-avila#5348)

* 🐛 fix: use OpenID token signature algo as discovered from the server.

* 📜 refactor: Keeping other props that uses alg.

* 🔧 fix: handle missing property

* 📘 refactor: add comment block

Author: ragavpr

api/strategies/openidStrategy.js

@@ -114,10 +114,21 @@ async function setupOpenId() {
       logger.info(`[openidStrategy] proxy agent added: ${process.env.PROXY}`);
     }
     const issuer = await Issuer.discover(process.env.OPENID_ISSUER);
+    /* Supported Algorithms, openid-client v5 doesn't set it automatically as discovered from server.
+      - id_token_signed_response_alg      // defaults to 'RS256'
+      - request_object_signing_alg        // defaults to 'RS256'
+      - userinfo_signed_response_alg      // not in v5
+      - introspection_signed_response_alg // not in v5
+      - authorization_signed_response_alg // not in v5
+    */
+    const supported_alg = {
+      id_token_signed_response_alg: issuer.id_token_signing_alg_values_supported?.[0] || 'RS256',
+    };
     const client = new issuer.Client({
       client_id: process.env.OPENID_CLIENT_ID,
       client_secret: process.env.OPENID_CLIENT_SECRET,
       redirect_uris: [process.env.DOMAIN_SERVER + process.env.OPENID_CALLBACK_URL],
+      ...supported_alg,
     });
     const requiredRole = process.env.OPENID_REQUIRED_ROLE;
     const requiredRoleParameterPath = process.env.OPENID_REQUIRED_ROLE_PARAMETER_PATH;