cakephp / authentication

Authentication plugin for CakePHP. Can also be used in PSR7 based applications.
MIT License

JWT Authentication with JWKS does not pass the Algorithm on #667

Open Tyqo opened 2 months ago

Tyqo commented 2 months ago

Description

So in the JwtAuthenticator on line 154 the key-set is getting decoded without the option of setting the algorithm. It uses Firebase\JWT\JWK which assumes that if no algorithm is passed that no algorithm will be used for decoding. After editing the line as follows, everything worked:

$keySet = JWK::parseKeySet($jsonWebKeySet, $this->getConfig('algorithm'));

CakePHP Version

5.0.9

PHP Version

8.1
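
Added example, not part of the issue and not the plugin's code: a stand-alone check of how `JWK::parseKeySet` treats a key set whose entries carry no `alg` member, with and without the second argument used in the line above. It assumes firebase/php-jwt 6.x installed through Composer and the OpenSSL extension; the key pair, `kid` and claims are constructed sample values.

```php
<?php
// Added example. Assumes firebase/php-jwt 6.x is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWK;
use Firebase\JWT\JWT;

// base64url without padding, as used for JWK members.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Constructed sample RSA key pair, generated at run time.
$pair = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
openssl_pkey_export($pair, $privatePem);
$rsa = openssl_pkey_get_details($pair)['rsa'];

// Constructed JWKS: the key deliberately has no "alg" member.
$jsonWebKeySet = ['keys' => [[
    'kty' => 'RSA',
    'use' => 'sig',
    'kid' => 'example-key-1',
    'n'   => b64url($rsa['n']),
    'e'   => b64url($rsa['e']),
]]];

// Constructed token signed with the matching private key.
$claims = ['sub' => 'user-1', 'exp' => time() + 60];
$token = JWT::encode($claims, $privatePem, 'RS256', 'example-key-1');

// 1) No default algorithm: the key set cannot be parsed.
try {
    JWK::parseKeySet($jsonWebKeySet);
    echo "parsed without a default algorithm\n";
} catch (UnexpectedValueException $e) {
    echo 'without default algorithm: ', $e->getMessage(), "\n";
}

// 2) Default algorithm supplied by the application: each key is bound
//    to RS256, and decode() verifies the token against that binding.
$keySet = JWK::parseKeySet($jsonWebKeySet, 'RS256');
$decoded = JWT::decode($token, $keySet);
echo 'with default algorithm: verified sub=', $decoded->sub, "\n";
```

Taking the algorithm from application configuration, as the edited line does with `getConfig('algorithm')`, keeps the choice of verification algorithm on the verifier's side rather than in the token.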