Guest create page: name field autofocus
[bookstack] / app / Auth / Access / Oidc / OidcJwtSigningKey.php
index 012a6cbf9c10c72a7a27a26883f8a23173e58f72..f003ec93ca1c1df3f2c80ef9a3a940e2d90697fe 100644 (file)
@@ -67,11 +67,10 @@ class OidcJwtSigningKey
             throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using {$alg}");
         }
 
-        if (empty($jwk['use'])) {
-            throw new OidcInvalidKeyException('A "use" parameter on the provided key is expected');
-        }
-
-        if ($jwk['use'] !== 'sig') {
+        // 'use' is optional for a JWK but we assume 'sig' where no value exists since that's what
+        // the OIDC discovery spec infers since 'sig' MUST be set if encryption keys come into play.
+        $use = $jwk['use'] ?? 'sig';
+        if ($use !== 'sig') {
             throw new OidcInvalidKeyException("Only signature keys are currently supported. Found key for use {$jwk['use']}");
         }
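Review bot: With `use` now defaulting to 'sig', `use` is the only usage signal this check reads, so a JWK that omits `use` but carries a `key_ops` list limited to encryption would pass as a signing key as far as this hunk shows. The method continues outside the hunk; if nothing later looks at `key_ops`, consider rejecting such keys, e.g. `if (isset($jwk['key_ops']) && !in_array('verify', (array) $jwk['key_ops'], true)) { throw new OidcInvalidKeyException('Key operations do not permit signature verification'); }`. The exception message right after the new check still interpolates `{$jwk['use']}`; `{$use}` would keep the message tied to the value actually compared. In the added comment, "infers" would read more accurately as "implies".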