[Bug]: DataError: The JWK "alg" member was inconsistent with that specified by the Web Crypto call #1923

Open
mliu0506 opened this issue Apr 4, 2024 · 0 comments


mliu0506 commented Apr 4, 2024

Version

16.0.1

Please provide a link to a minimal reproduction of the bug

Here is the https://.../oidc/connect/jwk_uri response:

    {
      "keys": [
        {
          "kty": "EC",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "x": "…",
          "y": "…",
          "crv": "P-256",
          "alg": "ES256"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "enc",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "RSA-OAEP"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "enc",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "RSA-OAEP-256"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "RS512"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "enc",
          "x5t": "…",
          "x5c": [".."],
          "n": "…",
          "e": "AQAB",
          "alg": "RSA1_5"
        },
        {
          "kty": "EC",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "x": "…",
          "y": "…",
          "crv": "P-384",
          "alg": "ES384"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "PS256"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "RS256"
        },
        {
          "kty": "EC",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "x": "…",
          "y": "…",
          "crv": "P-521",
          "alg": "ES512"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "PS512"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "n": "s…",
          "e": "AQAB",
          "alg": "PS384"
        },
        {
          "kty": "RSA",
          "kid": "…",
          "use": "sig",
          "x5t": "…",
          "x5c": ["…"],
          "n": "…",
          "e": "AQAB",
          "alg": "RS384"
        }
      ]
    }

Please provide the exception or error you saw

I have upgraded from 12.0.3 to 16.0.1.

    // Angular component: run the auth check at startup and log the result
    this.oidcSecurityService
      .checkAuth()
      .subscribe(
        ({ isAuthenticated }) => { console.log('app authenticated', isAuthenticated); }
      );

In version 12.0.3 isAuthenticated is returned as "true" and I have no problem logging in.
But after I upgraded to 16.0.1, with the exact same value returned from the JWK URI,
it complains that the JWK "alg" member was inconsistent.

Steps to reproduce the behavior

I am using code flow with http config. At first all the configuration is loaded.
Here are the authWellknownEndpoints:
  "authWellknownEndpointUrl": "https://../oidc-discovery/v1",
  "authWellknownEndpoints": {
    "issuer": "https://.../sso/oauth2/realms/root/realms/idaaspstoidc",
    "jwksUri": "https://.../oidc/connect/jwk_uri",
    "authorizationEndpoint": "https://.../oidc/authorize",
    "tokenEndpoint": "https://.../oidc/access_token",
    "userInfoEndpoint": "https://.../oidc/userinfo",
    "endSessionEndpoint": "https://.../oidc/connect/endSession",
    "checkSessionIframe": "https://.../oidc/connect/checkSession",
    "revocationEndpoint": "https://.../oidc/token/revoke",
    "introspectionEndpoint": "https://.../oidc/introspect"
  }

After oidcSecurityService.checkAuth(), it returns the error saying "JWK "alg" member was inconsistent".
I have seen that the login process succeeds and it returns the access token as well.
The AuthCallback is created and token validation begins…
After that: Getting signinkeys from jwk_uri.
Then it fails in SigninKeyDataService.getSigningKeys.

A clear and concise description of what you expected to happen.

It seems like the issue is happening when getting the sign-in keys in the following code:

    import { HttpResponse } from '@angular/common/http';
    import { catchError, retry, throwError } from 'rxjs';

    // Library service (as shipped in the package) that fetches the JWKS
    class SigninKeyDataService {
        constructor(storagePersistenceService, loggerService, dataService) {
            this.storagePersistenceService = storagePersistenceService;
            this.loggerService = loggerService;
            this.dataService = dataService;
        }
        // Reads jwksUri from the stored well-known endpoints and GETs the key set,
        // retrying twice before mapping the failure to an Error observable
        getSigningKeys(currentConfiguration) {
            const authWellKnownEndPoints = this.storagePersistenceService.read('authWellKnownEndPoints', currentConfiguration);
            const jwksUri = authWellKnownEndPoints?.jwksUri;
            if (!jwksUri) {
                const error = `getSigningKeys: authWellKnownEndpoints.jwksUri is: '${jwksUri}'`;
                this.loggerService.logWarning(currentConfiguration, error);
                return throwError(() => new Error(error));
            }
            this.loggerService.logDebug(currentConfiguration, 'Getting signinkeys from ', jwksUri);
            return this.dataService.get(jwksUri, currentConfiguration).pipe(retry(2), catchError((e) => this.handleErrorGetSigningKeys(e, currentConfiguration)));
        }
        // Formats an HTTP response or transport error as a logged Error observable
        handleErrorGetSigningKeys(errorResponse, currentConfiguration) {
            let errMsg = '';
            if (errorResponse instanceof HttpResponse) {
                const body = errorResponse.body || {};
                const err = JSON.stringify(body);
                const { status, statusText } = errorResponse;
                errMsg = `${status || ''} - ${statusText || ''} ${err || ''}`;
            }
            else {
                const { message } = errorResponse;
                errMsg = !!message ? message : `${errorResponse}`;
            }
            this.loggerService.logError(currentConfiguration, errMsg);
            return throwError(() => new Error(errMsg));
        }
    }

Additional context

I am stuck in my upgrade process. Please let me know if I can bypass the validation or skip the SigninKeyDataService. I would really appreciate it if someone could help me with this issue. Thank you in advance.
