Merge pull request #23 from macroparts/master

adds support for multiple public keys
steverhoades · Jun 13, 2021 · 5e9c175 · 5e9c175
2 parents 0159471 + 1b70b2b
commit 5e9c175
Showing 1 changed file with 19 additions and 2 deletions.
diff --git a/src/OpenIDConnectProvider.php b/src/OpenIDConnectProvider.php
@@ -95,7 +95,16 @@ protected function getRequiredOptions()
 
     public function getPublicKey()
     {
-        return new Key($this->publicKey);
+        if (is_array($this->publicKey)) {
+            return array_map(
+                function($key) {
+                    return new Key($key);
+                },
+                $this->publicKey
+            );
+        }
+
+        return [new Key($this->publicKey)];
     }
 
     /**
@@ -124,7 +133,15 @@ public function getAccessToken($grant, array $options = [])
         //
         // The alg value SHOULD be the default of RS256 or the algorithm sent by the Client in the
         // id_token_signed_response_alg parameter during Registration.
-        if (false === $token->verify($this->signer, $this->getPublicKey())) {
+        $verified = false;
+        foreach ($this->getPublicKey() as $key) {
+            if (false !== $token->verify($this->signer, $key)) {
+                $verified = true;
+                break;
+            }
+        }
+
+        if (!$verified) {
             throw new InvalidTokenException('Received an invalid id_token from authorization server.');
         }