Allow JWKSet with single key without kid set. #3
Any idea when this could be merged? |
I checked another popular JWT handling lib Even though a JWKS might only have 1 key, the key could change in future and hence your JWT header must always have the So I don't think this change should be merged. |
That check is only done if there is an array of keys and not a single key. See the first 3 lines in the method.
The JWT specification has no mention of
I agree, that, not having the |
Fair enough, we can't control what various providers do. |
@ovr The testsuite CI is not hooked to show the results for commit/PRs? |
You are right! I forgot to connect this repo to GitLab CI as an external repo. I migrated this repo to GitHub actions. We need to rebase this PR to affect changes. Can you please rebase your PR @MaPePeR? Thanks |
Co-authored-by: ADmad <[email protected]>
8b1180a to c9860e0
@ovr You need to allow the workflow to run. I don't have write perms on this repo 🙂. |
@ADmad Done, I've added you as a collaborator to this repository to allow that too. I'm sorry for the late reply. |
@ovr Should I do a new minor release? |
@ADmad yeah, minor or patch. It's really hard to classify this change. |
It's a feature addition IMO and since the public API has changed a new minor |
Fixes SocialConnect/auth#139.
Sadly I couldn't find any tests for verifySignature to extend for this case, so this is untested.
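
An added example, not part of this pull request or the library's own code: one way to choose the verification key when a JWK Set may hold a single key without `kid`, which is the case this thread discusses. The function name `selectJwk` and the sample key sets are constructed for illustration; the rule that a token carrying a `kid` must match a key exactly is an assumption of this sketch.

```php
<?php
// Hypothetical helper, not the library's API: pick the JWK that should verify
// a token, given the decoded JWK Set and the decoded JWT header.
function selectJwk(array $jwks, array $header): array
{
    $keys = is_array($jwks['keys'] ?? null) ? array_values(array_filter($jwks['keys'], 'is_array')) : [];
    if ($keys === []) {
        throw new UnexpectedValueException('JWK Set contains no usable keys');
    }
    if (!array_key_exists('kid', $header)) {
        // No kid in the token: only unambiguous when the set holds one key.
        if (count($keys) === 1) {
            return $keys[0];
        }
        throw new UnexpectedValueException('token has no kid but the JWK Set has several keys');
    }
    // kid present: require an exact match, never fall back to "the only key".
    foreach ($keys as $key) {
        if (isset($key['kid']) && $key['kid'] === $header['kid']) {
            return $key;
        }
    }
    throw new UnexpectedValueException('no key in the JWK Set matches the token kid');
}

// Constructed sample data (key material replaced by placeholders).
$single = ['keys' => [['kty' => 'RSA', 'n' => 'PLACEHOLDER', 'e' => 'AQAB']]];
$rotating = ['keys' => [
    ['kty' => 'RSA', 'kid' => 'key-2023', 'n' => 'PLACEHOLDER', 'e' => 'AQAB'],
    ['kty' => 'RSA', 'kid' => 'key-2024', 'n' => 'PLACEHOLDER', 'e' => 'AQAB'],
]];
$cases = [
    'single key, no kid'      => [$single, ['alg' => 'RS256']],
    'several keys, kid match' => [$rotating, ['alg' => 'RS256', 'kid' => 'key-2024']],
    'several keys, no kid'    => [$rotating, ['alg' => 'RS256']],
    'single key, unknown kid' => [$single, ['alg' => 'RS256', 'kid' => 'key-2024']],
];
foreach ($cases as $label => [$set, $header]) {
    try {
        $key = selectJwk($set, $header);
        echo $label, ': using key ', $key['kid'] ?? '(no kid)', PHP_EOL;
    } catch (UnexpectedValueException $e) {
        echo $label, ': rejected, ', $e->getMessage(), PHP_EOL;
    }
}
```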