Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skipped kid validation when alg is HS256 [SDK-2328] #455

Merged
merged 2 commits into from
Feb 18, 2021
Merged

Skipped kid validation when alg is HS256 [SDK-2328] #455

merged 2 commits into from
Feb 18, 2021

Conversation

Widcket
Copy link
Contributor

@Widcket Widcket commented Feb 17, 2021
edited
Loading

Changes

When an app is using HS256, the ID Token validation will fail because it will look for a kid and will not find any. This PR will bail out of signature validation early if the algorithm is HS256.

Also, a linter warning generated by the latest version of SwiftLint got fixed:
Redundant Optional Initialization Violation: Initializing an optional variable with nil is redundant. (redundant_optional_initialization).

References

Fixes #454

Testing

  • This change adds unit test coverage
  • This change has been tested on the latest version of the platform/language or why not

Checklist

@Widcket Widcket requested a review from a team as a code owner February 17, 2021 22:40
@Widcket Widcket changed the title Skip kid validation when alg is HS256 Skipped kid validation when alg is HS256 Feb 17, 2021
Widcket
Widcket commented Feb 17, 2021
View reviewed changes
Auth0/Credentials.swift
@@ -53,8 +53,8 @@ public class Credentials: NSObject, JSONObjectPayload, NSSecureCoding {
}

convenience required public init(json: [String: Any]) {
var expiresIn: Date? = nil
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was causing the linter warning, because it was initializing with nil an optional variable.

@Widcket Widcket changed the title Skipped kid validation when alg is HS256 Skipped kid validation when alg is HS256 [SDK-2328] Feb 17, 2021
@Widcket Widcket merged commit 5e2ab3f into master Feb 18, 2021
@Widcket Widcket deleted the fix/hs256 branch February 18, 2021 13:48
@Widcket Widcket added this to the vNext milestone Mar 9, 2021
@Widcket Widcket mentioned this pull request Mar 9, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevehobbsdev stevehobbsdev stevehobbsdev approved these changes

Assignees
No one assigned
Labels
CH: Fixed review:small Small review
Projects
None yet
Milestone
1.31.1
Development

Successfully merging this pull request may close these issues.

"Could not find a public key for Key ID" error with version 1.28.0 and beyond
2 participants
@Widcket @stevehobbsdev