fix: get remote keys if no cached key matches

Livio Amstutz 2021-09-14 11:22:24 +02:00
parent 7bb6443cd0
commit 928526286b
2 changed files with 21 additions and 11 deletions

@ -39,6 +39,7 @@ var (
ErrSignatureMultiple = errors.New("id_token contains multiple signatures")
ErrSignatureUnsupportedAlg = errors.New("signature algorithm not supported")
ErrSignatureInvalidPayload = errors.New("signature does not match Payload")
ErrSignatureInvalid = errors.New("invalid signature")
ErrExpired = errors.New("token has expired")
ErrIatMissing = errors.New("issuedAt of token is missing")
ErrIatInFuture = errors.New("issuedAt of token is in the future")
@ -143,7 +144,7 @@ func CheckSignature(ctx context.Context, token string, payload []byte, claims Cl
signedPayload, err := set.VerifySignature(ctx, jws)
if err != nil {
return err
return fmt.Errorf("%w (%v)", ErrSignatureInvalid, err)
}
if !bytes.Equal(signedPayload, payload) {