flownative / flow-openidconnect-client

OpenID Connect Client SDK for Flow Framework
MIT License

BUGFIX: Fix support for JWTs without 'kid' header #31

Closed bwaidelich closed 3 years ago

bwaidelich commented 3 years ago

In IdentityToken::hasValidSignature() the method getMatchingKeyForJws() can be invoked with a $keyIdentifier parameter of null. But the signature and implementation didn't support that case.

bwaidelich commented 3 years ago

FYI: I created this PR against the 2 branch in case you want to release bugfix versions. It probably has to be upmerged to master for a new 3.x release.

bwaidelich commented 3 years ago

Still, if $keyIdentifier is not null but the array key 'kid' does not exist in $key, PHP might fail with an "invalid array offset" error, or?

@robertlemke doh, you're right of course.. Sorry for that, now it should be fine!?

bwaidelich commented 3 years ago

Doh, I think I rebased to master and this was originally a bugfix against branch 2 :-/

bwaidelich commented 3 years ago

OK, fixed it..
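
The two cases raised in this thread (a JWS without a 'kid' header, and a JWK that has no 'kid' member), shown as an added example that is not the SDK's code or the fix from this PR. The function name selectCandidateKeys(), the filtering on 'use' and 'alg', and the policy of returning every remaining signing key when no 'kid' is given are assumptions; the JWKS is constructed and its key material is omitted.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not the SDK's getMatchingKeyForJws()): choose the keys
 * a JWS signature may be checked against when the 'kid' header can be absent.
 *
 * @param array<int, mixed> $jwks decoded "keys" array of a JWKS document
 * @return array<int, array<string, mixed>> candidate verification keys
 */
function selectCandidateKeys(array $jwks, ?string $keyIdentifier, string $algorithm): array
{
    $candidates = [];
    foreach ($jwks as $key) {
        if (!is_array($key)) {
            continue; // malformed entry
        }
        // 'use' and 'alg' are optional JWK members; only reject on a mismatch.
        if (($key['use'] ?? 'sig') !== 'sig') {
            continue;
        }
        if (isset($key['alg']) && $key['alg'] !== $algorithm) {
            continue;
        }
        // Token names a key: require an exact match. The ?? keeps a JWK
        // without 'kid' from raising an undefined array key error.
        if ($keyIdentifier !== null && ($key['kid'] ?? null) !== $keyIdentifier) {
            continue;
        }
        // No 'kid' in the token: every remaining signing key is a candidate.
        $candidates[] = $key;
    }
    return $candidates;
}

// Constructed JWKS; 'n' and 'e' are omitted because only selection is shown.
$jwks = [
    ['kty' => 'RSA', 'use' => 'sig', 'alg' => 'RS256', 'kid' => 'key-2021'],
    ['kty' => 'RSA', 'use' => 'sig', 'alg' => 'RS256'], // JWK without 'kid'
    ['kty' => 'RSA', 'use' => 'enc', 'alg' => 'RSA-OAEP', 'kid' => 'enc-1'],
];

foreach (['key-2021', 'unknown', null] as $kid) {
    $found = selectCandidateKeys($jwks, $kid, 'RS256');
    $labels = array_map(fn(array $k) => $k['kid'] ?? '(no kid)', $found);
    printf("%s => [%s]\n", $kid ?? 'null', implode(', ', $labels));
}
```

A caller would verify the signature against each returned key and reject the token when the list is empty or no key verifies.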