lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License
4.52k stars 452 forks

Thibaultmh/proposed fix to decode id token without kid in alg header #659

Closed thibault-tiro closed 1 month ago

thibault-tiro commented 3 months ago

DO NOT SEND ANY SECURITY FIX HERE. Please read "Security Reporting" section on README.


axelv commented 2 months ago

First of all thx for maintaining this awesome library. Any perspective on when this PR will be released?

lepture commented 1 month ago

Thanks for the fix.

FrancisRalph commented 3 weeks ago

Was about to raise a PR for this, thanks! Would it be possible to bump the version? @lepture