cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix exactMatch

Browse source
This commit is contained in:
Livio Amstutz 2021-09-14 12:15:31 +02:00
parent 0829207a39
commit 7eb983905e
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
pkg/client/rp/jwks.go
View file

@ -121,13 +121,20 @@ func (r *remoteKeySet) verifySignatureCached(jws *jose.JSONWebSignature, keyID,
if payload != nil { if payload != nil {
return payload, nil return payload, nil
} }
if key.KeyID != keyID || (key.KeyID == "" && keyID == "" && !r.skipRemoteCheck) { if !r.exactMatch(key.KeyID, keyID) {
//no exact key match, try getting better match with remote keys //no exact key match, try getting better match with remote keys
return nil, nil return nil, nil
} }
return nil, fmt.Errorf("signature verification failed: %w", err) return nil, fmt.Errorf("signature verification failed: %w", err)
} }
func (r *remoteKeySet) exactMatch(jwkID, jwsID string) bool {
if jwkID == "" && jwsID == "" && r.skipRemoteCheck {
return true
}
return jwkID == jwsID
}
func (r *remoteKeySet) verifySignatureRemote(ctx context.Context, jws *jose.JSONWebSignature, keyID, alg string) ([]byte, error) { func (r *remoteKeySet) verifySignatureRemote(ctx context.Context, jws *jose.JSONWebSignature, keyID, alg string) ([]byte, error) {
keys, err := r.keysFromRemote(ctx) keys, err := r.keysFromRemote(ctx)
if err != nil { if err != nil {