root
/
libauth
mirror of https://github.com/therootcompany/libauth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

bugfix(claims): invert jwk check condition

This commit is contained in:
AJ ONeal 2022-05-09 13:34:08 -06:00
parent 33ad482d74
commit c3402609b4
No known key found for this signature in database
GPG Key ID: 562702827EF68D87
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libauth.go
View File

@ -42,7 +42,7 @@ func VerifyJWS(jws *keypairs.JWS, issuers keyfetch.Whitelist, r *http.Request) (
iss, issOK := jws.Claims["iss"].(string) iss, issOK := jws.Claims["iss"].(string)
_, jwkOK := jws.Header["jwk"] _, jwkOK := jws.Header["jwk"]
if jwkOK { if !jwkOK {
if !kidOK || 0 == len(kid) { if !kidOK || 0 == len(kid) {
//errs = append(errs, "must have either header.kid or header.jwk") //errs = append(errs, "must have either header.kid or header.jwk")
return nil, fmt.Errorf("Bad Request: missing 'kid' identifier") return nil, fmt.Errorf("Bad Request: missing 'kid' identifier")
@ -61,7 +61,7 @@ func VerifyJWS(jws *keypairs.JWS, issuers keyfetch.Whitelist, r *http.Request) (
var err error var err error
pub, err = keyfetch.OIDCJWK(kid, iss) pub, err = keyfetch.OIDCJWK(kid, iss)
if nil != err { if nil != err {
return nil, fmt.Errorf("Bad Request: 'kid' could not be matched to a known public key") return nil, fmt.Errorf("Bad Request: 'kid' could not be matched to a known public key: %w", err)
} }
} else { } else {
return nil, fmt.Errorf("Bad Request: self-signed tokens with 'jwk' are not supported") return nil, fmt.Errorf("Bad Request: self-signed tokens with 'jwk' are not supported")