-
Notifications
You must be signed in to change notification settings - Fork 418
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bugfix/unable to extract jwk without kid #1517
Bugfix/unable to extract jwk without kid #1517
Conversation
…ly throw error on several matches if neither keyId nor use is present
…input parameter enabling the return of an empty array instead of throwing an error when there are no matches
…ion without filtering on use if no matches. Using first match.
@damienbod Could you find the time to check out this PR? It's fixing what stops us from upgrading from Angular 13 |
@@ -44,9 +44,9 @@ describe('JwkWindowCryptoService', () => { | |||
}); | |||
}); | |||
|
|||
beforeEach(() => { | |||
beforeEach(async () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use waitforasync
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@FabianGosebrink Thanks for the feedback! How about now? 😄
Thanks @erichjsonfosse PR LGTM I do some manual testing and release, all goes well, this weekend One test is failing |
Thanks for the feedback @damienbod ! Managed to reproduce locally now. Working on it. |
@damienbod Both the |
Thanks so much @erichjsonfosse !!!!! ❣️ |
Fixes: #1339
Tests passing?: Affirmative
JwkExtractor
, a service that conforms with RFC7517 when it comes to thekty
,kid
anduse
claims.JwkWindowCryptoService
, a "sibling" toJwtWindowCryptoService
TokenValidationService.validateSignatureIdToken
to test for a successful resultDescription:
The
TokenValidationService
now tries to extract keys based onkty
anduse
, andkid
if it exists. If no matches are found, it tries to extract keys based onkty
, andkid
if it exists (kty
is required by the spec). If no matches are found, a sensible error is thrown. If matches are found, the first one is chosen, regardless of the number of matches.Tested
sample-code-flow-refresh-tokens
successfully with https://offeringsolutions-sts.azurewebsites.net when running the project locally.Let me know if anything is missing or not up to expectations, and I'll update the PR asap 👍