Expected Behavior

For Resource Server, the Decoder can fetch different algorithms based on the public key endpoint:

https://github.com/spring-projects/spring-security/blob/main/docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc#from-jwk-set-response

Current Behavior

For OidcIdTokenDecoderFactory, it's unclear how to do so. It doesn't work by

@Bean
fun jwtDecoder(): JwtDecoder {
    // makes a request to the JWK Set endpoint
    val jwsKeySelector: JWSKeySelector<SecurityContext> = JWSAlgorithmFamilyJWSKeySelector.fromJWKSetURL<SecurityContext>(this.jwkSetUrl)
    val jwtProcessor: DefaultJWTProcessor<SecurityContext> = DefaultJWTProcessor()
    jwtProcessor.jwsKeySelector = jwsKeySelector
    return NimbusJwtDecoder(jwtProcessor)
}

and may need to customize https://github.com/spring-projects/spring-security/blob/6.0.0-M6/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/OidcIdTokenDecoderFactory.java, or any other alternatives?

Context

I want the decoder to work based on the different algorithms listed in the public key endpoint, like the resource server approach. The workaround would be to customize OidcIdTokenDecoderFactory.
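One way to implement the workaround mentioned above, as an added example that is not part of the original issue or of Spring Security itself: a `JwtDecoderFactory<ClientRegistration>` that derives the accepted algorithms from the JWK Set and keeps the ID Token validators and claim converters that `OidcIdTokenDecoderFactory` applies by default. The class name `JwkSetAlgorithmIdTokenDecoderFactory` is hypothetical, and the sketch assumes it is exposed as a `@Bean` so that `oauth2Login()` uses it.

```kotlin
import com.nimbusds.jose.proc.JWSAlgorithmFamilyJWSKeySelector
import com.nimbusds.jose.proc.SecurityContext
import com.nimbusds.jwt.proc.DefaultJWTProcessor
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenDecoderFactory
import org.springframework.security.oauth2.client.oidc.authentication.OidcIdTokenValidator
import org.springframework.security.oauth2.client.registration.ClientRegistration
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator
import org.springframework.security.oauth2.core.converter.ClaimTypeConverter
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.jwt.JwtDecoder
import org.springframework.security.oauth2.jwt.JwtDecoderFactory
import org.springframework.security.oauth2.jwt.JwtTimestampValidator
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder
import java.net.URI
import java.util.concurrent.ConcurrentHashMap

// Hypothetical class (not part of Spring Security): builds ID Token decoders whose
// accepted JWS algorithms come from the keys published at the provider's JWK Set URI.
class JwkSetAlgorithmIdTokenDecoderFactory : JwtDecoderFactory<ClientRegistration> {

    // One decoder per registration: fromJWKSetURL() makes an HTTP request when called,
    // so the decoder is built once and reused rather than rebuilt on every login.
    private val decoders = ConcurrentHashMap<String, JwtDecoder>()

    override fun createDecoder(registration: ClientRegistration): JwtDecoder =
        decoders.computeIfAbsent(registration.registrationId) { build(registration) }

    private fun build(registration: ClientRegistration): JwtDecoder {
        val jwkSetUri = registration.providerDetails.jwkSetUri
        require(!jwkSetUri.isNullOrBlank()) {
            "No jwk-set-uri configured for registration '${registration.registrationId}'"
        }
        // Same selector as in the resource server snippet: queries the JWK Set endpoint
        // and trusts only the algorithm families of the keys found there.
        val keySelector = JWSAlgorithmFamilyJWSKeySelector
            .fromJWKSetURL<SecurityContext>(URI.create(jwkSetUri).toURL())
        val processor = DefaultJWTProcessor<SecurityContext>()
        processor.jwsKeySelector = keySelector

        val decoder = NimbusJwtDecoder(processor)
        // A bare NimbusJwtDecoder only checks timestamps. An ID Token also needs the
        // OIDC checks (iss, sub, aud, azp) that OidcIdTokenValidator performs.
        decoder.setJwtValidator(
            DelegatingOAuth2TokenValidator<Jwt>(JwtTimestampValidator(), OidcIdTokenValidator(registration))
        )
        // Reuse the default ID Token claim conversions (timestamps, booleans, URLs).
        decoder.setClaimSetConverter(ClaimTypeConverter(OidcIdTokenDecoderFactory.createDefaultClaimTypeConverters()))
        return decoder
    }
}
```

The algorithm set is fixed when the decoder is built, so a provider that later publishes keys for a new algorithm family is only picked up after the cached decoder is recreated.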

Comment From: sjohnr

@HungUnicorn, thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

Comment From: sjohnr

See related question.