cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix exactMatch

Browse source
This commit is contained in:
Livio Amstutz 2021-09-14 12:17:40 +02:00
parent 7eb983905e
commit 42eb67d7b0
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pkg/client/rp/jwks.go
View file

@ -102,9 +102,9 @@ func (r *remoteKeySet) VerifySignature(ctx context.Context, jws *jose.JSONWebSig
//
//if there is only one possible, it tries to verify the signature and will return the payload if successful
//
//it only returns an error if signature validation fails and if either:
// - both (JWT and JWK) kid match
// - or both are empty and skipRemoteCheck is set to true
//it only returns an error if signature validation fails and keys exactMatch which is if either:
// - both kid are empty and skipRemoteCheck is set to true
// - or both (JWT and JWK) kid are equal
//
//otherwise it will return no error (so remote keys will be loaded)
func (r *remoteKeySet) verifySignatureCached(jws *jose.JSONWebSignature, keyID, alg string) ([]byte, error) {