Azure B2c OIDC - The key type 'EC' from the JSON web keys endpoint 'https://akztest/pf/JWKS is not a supported key type.

Question

Azure B2c OIDC - The key type 'EC' from the JSON web keys endpoint 'https://akztest/pf/JWKS is not a supported key type.

Akz0rz 1

While setting up Azure B2C OIDC to PingFederate I get the following error:
The key type 'EC' from the JSON web keys endpoint 'https://akztest/pf/JWKS is not a supported key type.

I am using the proper .well-known\openid-configuration endpoint.

I have set my Access token manager to use RSA, but it's as if Microsoft is not allowing anything because the JWKS have other cyphers?

Please help.

Answer 1

AmanpreetSingh-MSFT 55,431

@Akz0rz
Azure AD B2C cannot parse the Identity provider metadata when it contains EC keys. So, it requires exposing metadata that only contains RSA Keys. We have a feature request opened to add support for EC Keys in future but there is no ETA as of now.

---------------------------------------------------------------------------------------------------------------

Please "mark as answer" or "vote as helpful" wherever the information provided helps you to help others in the community.

David Hunziker 1 Reputation point

2020-02-10T10:02:53.403+00:00

Any updates?
AmanpreetSingh-MSFT 55,431 Reputation points

2020-02-10T10:33:09.97+00:00

Once there is an update it will be posted here: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38510968-aad-b2c-add-support-for-ec-key-type-to-openid-con
Ajmera, Pankaj (King of Prussia) 1 Reputation point

2020-02-27T14:46:56.103+00:00

Any update on this, I saw the other URL as well but didn;t find any update... when the support of EC type key is going to be available????

If not soon, then what is the interim solution other then asking IdP to disable it, which is kind of not doable as that impact their other applications.

Azure B2c OIDC - The key type 'EC' from the JSON web keys endpoint 'https://akztest/pf/JWKS is not a supported key type.

1 answer

Activity