*/
protected function loadFromJwkArray(array $jwk)
{
- if ($jwk['alg'] !== 'RS256') {
- throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using {$jwk['alg']}");
+ // 'alg' is optional for a JWK, but we will still attempt to validate if
+ // it exists otherwise presume it will be compatible.
+ $alg = $jwk['alg'] ?? null;
+ if ($jwk['kty'] !== 'RSA' || !(is_null($alg) || $alg === 'RS256')) {
+ throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using {$alg}");
}
if (empty($jwk['use'])) {
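Review bot: The new condition reads `$jwk['kty']` directly while `alg` is null-coalesced, so a remote JWK that omits `kty` raises an "Undefined array key" warning before the OidcInvalidKeyException is thrown, and the message on the next line interpolates an empty string ("Found key using ") for exactly the alg-less keys this change starts accepting. Reading the type the same way and naming both fields in the message keeps the rejection quiet and diagnosable: `$kty = $jwk['kty'] ?? null;`, `if ($kty !== 'RSA' || !(is_null($alg) || $alg === 'RS256')) {`, `throw new OidcInvalidKeyException("Only RS256 keys are currently supported. Found key using kty={$kty}, alg=" . ($alg ?? 'none'));`. Accepting keys without `alg` is only safe if the token's header `alg` is pinned to RS256 by the verifier rather than taken from the JWT; that check is not in this hunk, so it is worth confirming. The body of loadFromJwkArray continues past the end of the hunk.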
protected function filterKeys(array $keys): array
{
return array_filter($keys, function (array $key) {
- return $key['kty'] === 'RSA' && $key['use'] === 'sig' && $key['alg'] === 'RS256';
+ $alg = $key['alg'] ?? null;
+ return $key['kty'] === 'RSA' && $key['use'] === 'sig' && (is_null($alg) || $alg === 'RS256');
});
}
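Review bot: The rewritten filter callback treats `alg` as optional but still indexes `$key['kty']` and `$key['use']` without a fallback, so a JWKS entry missing either member (RFC 7517 makes `use` optional) emits an undefined-key warning from inside array_filter instead of being silently dropped. Applying the same coalescing to those reads makes the predicate total over malformed remote input: `return ($key['kty'] ?? null) === 'RSA' && ($key['use'] ?? null) === 'sig' && (is_null($alg) || $alg === 'RS256');`. The comment explaining why a null `alg` is admitted lives only in loadFromJwkArray; a one-line `// 'alg' is optional per RFC 7517; absent means "assume RS256"` here would keep the two checks visibly in sync.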
$this->assertCount(4, $transactions);
}
+ public function test_auth_login_with_autodiscovery_with_keys_that_do_not_have_alg_property()
+ {
+ $this->withAutodiscovery();
+
+ $keyArray = OidcJwtHelper::publicJwkKeyArray();
+ unset($keyArray['alg']);
+
+ $this->mockHttpClient([
+ $this->getAutoDiscoveryResponse(),
+ new Response(200, [
+ 'Content-Type' => 'application/json',
+ 'Cache-Control' => 'no-cache, no-store',
+ 'Pragma' => 'no-cache',
+ ], json_encode([
+ 'keys' => [
+ $keyArray,
+ ],
+ ])),
+ ]);
+
+ $this->assertFalse(auth()->check());
+ $this->runLogin();
+ $this->assertTrue(auth()->check());
+ }
+
protected function withAutodiscovery()
{
config()->set([
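Review bot: The new test covers only the happy path of the relaxed check; nothing asserts that a key without `alg` is still rejected when its `kty` is not RSA, which is the check that now carries all the weight. A sibling test along the lines of `$keyArray = OidcJwtHelper::publicJwkKeyArray(); $keyArray['kty'] = 'EC'; unset($keyArray['alg']);` followed by the same mocked JWKS response and `$this->assertFalse(auth()->check());` after `runLogin()` would pin that; how runLogin surfaces the OidcInvalidKeyException (redirect versus thrown) is not visible here, so the exact failure assertion may need adjusting. A short docblock on the test naming the RFC 7517 optionality of `alg` as the motivation would also help a later reader understand why the fixture is mutated.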