From 7e6242a8f7507baed831fedb4307e7f0db69ec7d Mon Sep 17 00:00:00 2001
From: einhornimmond
Date: Sun, 20 Jul 2025 09:52:55 +0200
Subject: [PATCH] add encryption key to jwks.json
---
 backend/src/openIDConnect/index.ts | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/backend/src/openIDConnect/index.ts b/backend/src/openIDConnect/index.ts
index 7bfdde040..11653afbb 100644
--- a/backend/src/openIDConnect/index.ts
+++ b/backend/src/openIDConnect/index.ts
@@ -27,8 +27,10 @@ export const jwks = async (req: any, res: any): Promise => {
 throw new Error(defaultErrorForCaller)
 }
 try {
- const publicKey = await importSPKI(homeCommunity.publicJwtKey, 'RS256')
- const jwk = await exportJWK(publicKey)
+ const rs256Key = await importSPKI(homeCommunity.publicJwtKey, 'RS256')
+ const rsaKey = await importSPKI(homeCommunity.publicJwtKey, 'RSA-OAEP-256')
+ const jwkRs256 = await exportJWK(rs256Key)
+ const jwkRsa = await exportJWK(rsaKey)

 // Optional: calculate Key ID (z.B. SHA-256 Fingerprint)
 const kid = createHash('sha256')
@@ -38,11 +40,17 @@ export const jwks = async (req: any, res: any): Promise => {
 const jwks = {
 keys: [
 {
- ...jwk,
+ ...jwkRs256,
 alg: 'RS256',
 use: 'sig',
 kid,
 },
+ {
+ ...jwkRsa,
+ alg: 'RSA-OAEP-256',
+ use: 'sig',
+ kid,
+ },
 ],
 }
 res.setHeader('Cache-Control', 'public, max-age=3600, immutable')
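Review bot: Both `importSPKI` calls in the first hunk load the same `homeCommunity.publicJwtKey`, so the JWKS advertises one RSA key pair for both RS256 signatures and RSA-OAEP-256 encryption. Key-separation guidance (for example NIST SP 800-57) is to keep a key pair to a single purpose, because reuse couples the rotation and compromise of the two roles. Consider a dedicated encryption key pair imported here, e.g. `const rsaKey = await importSPKI(<encryption public key PEM>, 'RSA-OAEP-256')`. If the reuse is deliberate, say so in a comment such as `// NOTE: the same RSA key pair is used for signing and encryption; rotate both together`. The body of `jwks` starts and ends outside this hunk.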
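Review bot: The RSA-OAEP-256 entry added in the second hunk is published with `use: 'sig'`, which contradicts its `alg` and the commit's stated purpose. RFC 7517 marks an encryption key with `use: 'enc'`; a client that filters the set by `use` will either miss this key or treat it as a second signing key. Both entries also carry the same `kid`, so a consumer selecting by `kid` alone cannot tell them apart, and RFC 7517 recommends distinct `kid` values within a set. The `kid` computation sits between the two hunks and is not fully visible here, so check how it is derived before giving the encryption entry its own value.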