zmartzone / lua-resty-openidc

OpenID Connect Relying Party and OAuth 2.0 Resource Server implementation in Lua for NGINX / OpenResty
Apache License 2.0
964 stars 247 forks

#345 handle the userinfo response as JWT #508

Closed realnate closed 6 months ago

realnate commented 8 months ago

This resolves issue #345. When the userinfo endpoint returns a JWT instead of JSON, as identified by a Content-Type header of application/jwt, the userinfo response is validated and used. A unit test covering this case was added, and the existing unit tests were not broken.

I also tested this change using Keycloak with the "User info signed response algorithm" option set to "RS256". When set to "None" (the default), it succeeds; when set to "RS256", it fails in the same manner reported in #345: userinfo is null and an error is logged, "openidc.lua:1172: authenticate(): error calling userinfo endpoint: JSON decoding failed". With these changes, userinfo is no longer null and the error is no longer present.
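The dispatch the PR describes (decode JSON when the userinfo endpoint returns application/json, verify a JWS when it returns application/jwt), shown as an added example in Python rather than the project's Lua. This is not code from lua-resty-openidc or from the PR. To run offline it assumes an HS256 shared key for the signature; the Keycloak setup above uses RS256, where the verification step would instead check the signature against the provider's JWKS, and the function and key names (`handle_userinfo_response`, `SHARED_KEY`, the issuer and client id) are invented. Two checks a practitioner wants on this path, beyond parsing: the algorithm is pinned rather than taken from the token (so `alg: none` is rejected), and the `sub` claim is compared with the ID token's `sub`, which OpenID Connect Core 5.3.2 requires for both the JSON and the JWT form.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key and identities for the example; not real provider material.
SHARED_KEY = b"demo-hs256-key-not-for-production"
ISSUER = "https://idp.example.test/realms/demo"
CLIENT_ID = "nginx-rp"


def b64url_encode(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")


def b64url_decode(data: bytes) -> bytes:
    # Compact JWS parts are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))


def make_userinfo_jwt(claims: dict, key: bytes, alg: str = "HS256") -> bytes:
    """Build a compact JWS the way a test provider would.
    alg='none' yields an unsigned token that the verifier must reject."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header).encode()) + b"."
                     + b64url_encode(json.dumps(claims).encode()))
    sig = b"" if alg == "none" else hmac.new(key, signing_input, hashlib.sha256).digest()
    return signing_input + b"." + b64url_encode(sig)


def media_type(content_type: str) -> str:
    """'application/jwt; charset=utf-8' -> 'application/jwt'."""
    return content_type.split(";", 1)[0].strip().lower()


def check_sub(claims: dict, id_token_sub: str) -> None:
    # OIDC Core 5.3.2: the userinfo sub MUST exactly match the ID token sub.
    if claims.get("sub") != id_token_sub:
        raise ValueError("userinfo sub does not match ID token sub")


def verify_userinfo_jwt(token: bytes, key: bytes, issuer: str, client_id: str,
                        id_token_sub: str, now=None) -> dict:
    parts = token.split(b".")
    if len(parts) != 3:
        raise ValueError("malformed JWS")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm: the token does not get to choose it, and 'none' is never accepted.
    if header.get("alg") != "HS256":
        raise ValueError(f"unsupported alg {header.get('alg')!r}")
    expected = hmac.new(key, parts[0] + b"." + parts[1], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad userinfo signature")
    claims = json.loads(b64url_decode(parts[1]))
    # OIDC Core 5.3.2: a signed userinfo response MUST carry iss and aud; check both.
    if claims.get("iss") != issuer:
        raise ValueError("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud mismatch")
    if "exp" in claims and (now if now is not None else time.time()) >= claims["exp"]:
        raise ValueError("userinfo JWT expired")
    check_sub(claims, id_token_sub)
    return claims


def handle_userinfo_response(status: int, headers: dict, body: bytes, key: bytes,
                             issuer: str, client_id: str, id_token_sub: str) -> dict:
    """Dispatch on Content-Type: application/jwt is verified, application/json is decoded."""
    if status != 200:
        raise ValueError(f"userinfo endpoint returned {status}")
    # Header names are case-insensitive, so fold before looking up Content-Type.
    ct_value = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    ct = media_type(ct_value)
    if ct == "application/jwt":
        return verify_userinfo_jwt(body, key, issuer, client_id, id_token_sub)
    if ct == "application/json":
        claims = json.loads(body)
        check_sub(claims, id_token_sub)
        return claims
    raise ValueError(f"unexpected userinfo Content-Type {ct!r}")
```

Without the application/jwt branch the JWT body reaches `json.loads` and fails with a decoding error, which is the "JSON decoding failed" symptom from #345; with it, the same body is verified and its claims are returned.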