Closed ottokruse closed 2 years ago
Thanks @leelalagudu @hakanson wanna have a peek at this one?
I just had the one comment/question above related to new Errors in error.ts, otherwise LGTM
I did another pass through the code - still looks good and findJwkInJwks does make things more readable.
Issue #, if available: #68
Description of changes: Only verify for the JWK at hand, that it is a JWK intended for RSA signatures.
In other words: the complete JWKS may, from this change onwards, also comprise non-RSA JWKs (e.g. for elliptic curve signatures). Previously, the inclusion of a non-RSA JWK in the JWKS would throw an error, even if that JWK was not used for the signature verification of the JWT at hand.
So the following (new) unit test now passes, where it would have failed before, because there are non-RSA JWKs in the JWKS, which triggered a JWK validation failure before:
https://github.com/awslabs/aws-jwt-verify/blob/752212b283fa395b6076569f59253f9fbab2d90c/tests/unit/jwt-rsa.test.ts#L104-L132
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
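Added example, not part of the pull request or of aws-jwt-verify's code: a sketch of the behaviour change described above, contrasting validation of every key in a mixed JWKS with validation of only the key selected by `kid`. All function names, the sample JWKS and the specific checks on `kty`, `use`, `n` and `e` are assumptions made for illustration.

```typescript
// Added illustration; names below are hypothetical, not aws-jwt-verify's API.
interface Jwk { kty: string; kid?: string; use?: string; alg?: string; n?: string; e?: string; crv?: string; x?: string; y?: string; }
interface Jwks { keys: Jwk[]; }

// Constructed sample JWKS: one EC key and one RSA key (key material is placeholder text).
const sampleJwks: Jwks = {
  keys: [
    { kty: "EC", kid: "ec-key-1", use: "sig", crv: "P-256", x: "constructed-x", y: "constructed-y" },
    { kty: "RSA", kid: "rsa-key-1", use: "sig", alg: "RS256", n: "constructed-modulus", e: "AQAB" },
  ],
};

// Throws unless the JWK is usable for RSA signature verification.
function assertRsaSigningJwk(jwk: Jwk): void {
  if (jwk.kty !== "RSA") throw new Error(`JWK ${jwk.kid}: kty is ${jwk.kty}, expected RSA`);
  if (jwk.use !== undefined && jwk.use !== "sig") throw new Error(`JWK ${jwk.kid}: use is ${jwk.use}, expected sig`);
  if (!jwk.n || !jwk.e) throw new Error(`JWK ${jwk.kid}: missing n or e`);
}

// Behaviour before the change, as described: every key in the set is validated.
function selectJwkValidatingAll(jwks: Jwks, kid: string): Jwk {
  jwks.keys.forEach((k) => assertRsaSigningJwk(k));
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (!jwk) throw new Error(`no JWK with kid ${kid}`);
  return jwk;
}

// Behaviour after the change: only the key the JWT header points at is validated.
function selectJwkValidatingOne(jwks: Jwks, kid: string): Jwk {
  const jwk = jwks.keys.find((k) => k.kid === kid);
  if (!jwk) throw new Error(`no JWK with kid ${kid}`);
  assertRsaSigningJwk(jwk); // a non-RSA key is still rejected when it is the one selected
  return jwk;
}

// Returns "ok" or the error message, so the two strategies can be compared.
function outcome(select: (jwks: Jwks, kid: string) => Jwk, kid: string): string {
  try { select(sampleJwks, kid); return "ok"; }
  catch (err) { return (err as Error).message; }
}
```

The check on the selected key is what keeps a token whose `kid` points at the EC entry from reaching RSA verification; only unrelated keys in the set are ignored.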