From 711b49aa29261d1e138e6e82b71f30b0137585e0 Mon Sep 17 00:00:00 2001
From: Zack Kayyali
Date: Thu, 21 Aug 2025 16:59:45 -0400
Subject: [PATCH 1/2] Add Default JWT Algorithms

---
 ansible_base/authentication/authenticator_plugins/oidc.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/ansible_base/authentication/authenticator_plugins/oidc.py b/ansible_base/authentication/authenticator_plugins/oidc.py
index 890720141..db409eea4 100644
--- a/ansible_base/authentication/authenticator_plugins/oidc.py
+++ b/ansible_base/authentication/authenticator_plugins/oidc.py
@@ -123,8 +123,12 @@ class OpenIdConnectConfiguration(BaseAuthenticatorConfiguration):
 )
 JWT_ALGORITHMS = ListField(
- help_text=_("The algorithm(s) for decoding JWT responses from the IDP."),
- default=None,
+ help_text=_(
+ "The algorithm(s) for decoding JWT responses from the IDP. "
+ "Leave blank to extract from the .well-known configuration (if that fails we will attempt the default algorithms). "
+ "Set to ['none'] to not use encrypted tokens (the provider must send unencrypted tokens for this to work)"
+ ),
+ default=OpenIdConnectAuth.JWT_ALGORITHMS,
 allow_null=True,
 validators=[JWTAlgorithmListFieldValidator()],
 ui_field_label=_('OIDC JWT Algorithm(s)'),
From 4d6918d7b2bb1691a2d1fd1c87df5fb9467f1a27 Mon Sep 17 00:00:00 2001
From: John Westcott IV
Date: Mon, 25 Aug 2025 09:25:17 -0400
Subject: [PATCH 2/2] Reverting some of the help test

---
 ansible_base/authentication/authenticator_plugins/oidc.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/ansible_base/authentication/authenticator_plugins/oidc.py b/ansible_base/authentication/authenticator_plugins/oidc.py
index db409eea4..f810c7e41 100644
--- a/ansible_base/authentication/authenticator_plugins/oidc.py
+++ b/ansible_base/authentication/authenticator_plugins/oidc.py
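Review bot: In the PATCH 1/2 hunk, `default=OpenIdConnectAuth.JWT_ALGORITHMS` hands the field the backend's own class attribute rather than a copy. If that attribute is a list, as the ListField suggests, any code that mutates a defaulted value in place would change the accepted-algorithm list for every OIDC authenticator in the process. Assuming this ListField accepts a callable default the way DRF fields do, `default=lambda: list(OpenIdConnectAuth.JWT_ALGORITHMS),` avoids sharing the object. `allow_null=True` is kept, so a null value can still take the place of this default; a short comment on the field saying what null means when a token is validated would help. The rest of the class body is outside the hunk.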
@@ -123,11 +123,7 @@ class OpenIdConnectConfiguration(BaseAuthenticatorConfiguration):
 )
 JWT_ALGORITHMS = ListField(
- help_text=_(
- "The algorithm(s) for decoding JWT responses from the IDP. "
- "Leave blank to extract from the .well-known configuration (if that fails we will attempt the default algorithms). "
- "Set to ['none'] to not use encrypted tokens (the provider must send unencrypted tokens for this to work)"
- ),
+ help_text=_("The algorithm(s) for decoding JWT responses from the IDP."),
 default=OpenIdConnectAuth.JWT_ALGORITHMS,
 allow_null=True,
 validators=[JWTAlgorithmListFieldValidator()],
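Review bot: With the help text shortened, nothing on the `JWT_ALGORITHMS` field says what a null value or a `none` entry does, and whether `JWTAlgorithmListFieldValidator` accepts `none` is not visible in this hunk. If it does, that value would mean ID tokens are accepted without signature verification, which is a different property from the "unencrypted" wording that was removed. I would either reject it in the validator or add a comment above the field such as `# 'none' disables ID-token signature verification; null falls back to the IdP's .well-known configuration`. The behaviour described is inferred from the removed help text, not from code shown here, and the field definition continues past the end of the hunk.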