From 2bb1896db35253317da2b4a7a9d708df779fd542 Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Mon, 4 Aug 2025 23:41:58 +0200
Subject: [PATCH] Change OIDC signature algorithm to `RS256` to match JWT

In https://github.com/coreos/go-oidc/compare/v3.14.1...v3.15.0, the
JWT signature algorithm verification is moved earlier into the
process, resulting in our existing test failing. The JWT has
algorithm `RS256` set, whereas the verifier had `ES256`. It needs
to have `RS256` to validate the token.
---
 acme/challenge_wire_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acme/challenge_wire_test.go b/acme/challenge_wire_test.go
index f591c613..647be935 100644
--- a/acme/challenge_wire_test.go
+++ b/acme/challenge_wire_test.go
@@ -2207,7 +2207,7 @@ MCowBQYDK2VwAyEA5c+4NKZSNQcR1T8qN6SjwgdPZQ0Ge12Ylx/YeGAJ35k=
 			},
 			Config: &wireprovisioner.Config{
 				ClientID:            "wireapp",
-				SignatureAlgorithms: []string{"ES256"},
+				SignatureAlgorithms: []string{"RS256"},
 				Now: func() time.Time {
 					return time.Date(2024, 1, 12, 18, 32, 41, 0, time.UTC) // (Token Expiry: 2024-01-12 21:32:42 +0100 CET)
 				},