fix: drop support for EdDSA keys (#885)

aldbr · web-flow · commit a3ff003a6a54 · 2026-04-15T13:41:07.000+02:00
diff --git a/diracx-core/src/diracx/core/settings.py b/diracx-core/src/diracx/core/settings.py
@@ -227,8 +227,7 @@ def check_retention_greater_than_expiration(self) -> Self:
     generation and verification.
     """
 
-    # TODO: EdDSA should be removed later due to "SecurityWarning: EdDSA is deprecated via RFC 9864"
-    token_allowed_algorithms: list[str] = ["RS256", "EdDSA", "Ed25519"]  # noqa: S105
+    token_allowed_algorithms: list[str] = ["RS256", "Ed25519"]  # noqa: S105
     """List of allowed cryptographic algorithms for JWT token signing.
 
     Supported algorithms include RS256 (RSA with SHA-256) and Ed25519
diff --git a/docs/admin/reference/env-variables.md b/docs/admin/reference/env-variables.md
@@ -95,7 +95,7 @@ generation and verification.
 
 ### `DIRACX_SERVICE_AUTH_TOKEN_ALLOWED_ALGORITHMS`
 
-*Optional*, default value: `['RS256', 'EdDSA', 'Ed25519']`
+*Optional*, default value: `['RS256', 'Ed25519']`
 
 List of allowed cryptographic algorithms for JWT token signing.
 
