How does the library work for a token that doesn't have kid in header, but only x5t? #5
Comments
I believe that https://tools.ietf.org/html/rfc7515#section-6 states that all the header parameters jku, jwk, kid, x5u, x5c, x5t and x5t#s256 could be used to identify the key used, am I missing something?
I agree. I have a case with only an
FWIW... I added this to my promisified version of my case for now...
For reference, here is the code block that has the problem: node-jwks-rsa/src/JwksClient.js Lines 103 to 109 in b0bce42
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response from our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️
@damieng, could this at least be triaged by an Auth0 maintainer?
This came up for us when trying to validate access_tokens through ADFS. For whatever reason, id_tokens have a kid, but access_tokens have x5t in the header. Not sure if this is all ADFS instances or only ours. We don't have control over the box, so this would be a great fix.
I actually opened up #55 a while ago to allow JWTs without a KID header to pass validation
I have a token with a header that has only the x5t field set, but not the kid field. As far as I can see, this lib is using only the kid value? What would be the correct way to proceed with a JWT that only has X5T in the header?
As far as I can see from my well-known jwks file, both values are identical there.
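
The lookup this issue asks for, sketched as an added example (not part of the thread and not node-jwks-rsa's code): pick the verification key from the trusted JWKS by `kid`, falling back to `x5t`, and fail closed on anything but exactly one match. The function names and the sample JWKS are hypothetical and constructed for illustration.

```javascript
// Added example, not node-jwks-rsa code. All names here are hypothetical.

// Decode the (still unverified) JOSE header of a compact JWS.
function decodeHeader(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
}

// Choose the verification key from the *trusted* JWKS only. The header supplies
// a lookup hint (kid, else x5t); key material or URLs in the header (jwk, jku,
// x5u, x5c) are never used, because the token's sender controls them.
function selectSigningKey(header, jwks) {
  const hint = ['kid', 'x5t'].find((name) => typeof header[name] === 'string');
  if (!hint) throw new Error('header has neither kid nor x5t');

  const matches = jwks.keys.filter((key) =>
    key.kty === 'RSA' &&
    (key.use === undefined || key.use === 'sig') &&
    key[hint] === header[hint]);

  // Zero matches: unknown key. Several matches: ambiguous JWKS. Fail closed.
  if (matches.length !== 1) {
    throw new Error(`${matches.length} keys match ${hint}=${header[hint]}`);
  }
  return matches[0];
}

// Constructed sample data: key values are placeholders, not real key material.
const sampleJwks = { keys: [
  { kty: 'RSA', use: 'sig', kid: 'key-a', x5t: 'key-a', n: 'PLACEHOLDER', e: 'AQAB' },
  { kty: 'RSA', use: 'sig', kid: 'key-b', x5t: 'key-b', n: 'PLACEHOLDER', e: 'AQAB' },
  { kty: 'RSA', use: 'enc', kid: 'key-c', x5t: 'key-c', n: 'PLACEHOLDER', e: 'AQAB' },
] };

// Build an unsigned sample token whose header carries x5t but no kid.
function makeSampleToken(header) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc(header)}.${enc({ sub: 'constructed' })}.c2ln`;
}

const token = makeSampleToken({ typ: 'JWT', alg: 'RS256', x5t: 'key-b' });
console.log(selectSigningKey(decodeHeader(token), sampleJwks).kid); // looked up by x5t
```

The returned JWK is only the candidate key; the signature still has to be verified against it with an algorithm the verifier pins, not one taken from the header.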