bugfix(claims): invert jwk check condition

AJ ONeal 2022-05-09 13:34:08 -06:00
父節點 33ad482d74
當前提交 c3402609b4
沒有發現已知的金鑰在資料庫的簽署中
GPG Key ID: 562702827EF68D87
共有 1 個文件被更改,包括 2 次插入2 次删除


@ -42,7 +42,7 @@ func VerifyJWS(jws *keypairs.JWS, issuers keyfetch.Whitelist, r *http.Request) (
iss, issOK := jws.Claims["iss"].(string)
_, jwkOK := jws.Header["jwk"]
if jwkOK {
if !jwkOK {
if !kidOK || 0 == len(kid) {
//errs = append(errs, "must have either header.kid or header.jwk")
return nil, fmt.Errorf("Bad Request: missing 'kid' identifier")
@ -61,7 +61,7 @@ func VerifyJWS(jws *keypairs.JWS, issuers keyfetch.Whitelist, r *http.Request) (
var err error
pub, err = keyfetch.OIDCJWK(kid, iss)
if nil != err {
return nil, fmt.Errorf("Bad Request: 'kid' could not be matched to a known public key")
return nil, fmt.Errorf("Bad Request: 'kid' could not be matched to a known public key: %w", err)
}
} else {
return nil, fmt.Errorf("Bad Request: self-signed tokens with 'jwk' are not supported")
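Review bot: The new `%w` wrap in the second hunk puts the raw `keyfetch.OIDCJWK` error into a string labelled "Bad Request", so if the caller echoes this error to the client (not visible here), an unauthenticated sender can read fetch details such as resolver or connection failures for an `iss` they chose. Consider keeping the returned message generic and recording the cause server-side, e.g. `log.Printf("jwk fetch failed for kid %q, iss %q: %v", kid, iss, err)` before the original `return nil, fmt.Errorf("Bad Request: 'kid' could not be matched to a known public key")`. Since the first hunk inverts a branch on the token-verification path, a regression test with one `kid`-only token and one token carrying `header.jwk` would pin the intended behaviour. The body of `VerifyJWS` starts and ends outside both hunks, so whether `iss` is checked against `issuers` before the fetch cannot be confirmed from here.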