From 0042b522ebbcffc6d6623e322d162d963eada3b5 Mon Sep 17 00:00:00 2001
From: Brent Shaffer
Date: Tue, 17 Oct 2023 14:06:26 -0700
Subject: [PATCH] fix: allowed_algs not properly set for string value (#489)
---
 src/OAuth2.php | 2 +-
 tests/OAuth2Test.php | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/OAuth2.php b/src/OAuth2.php
index 3db54c769..2e5adcdcf 100644
--- a/src/OAuth2.php
+++ b/src/OAuth2.php
@@ -1723,7 +1723,7 @@ private function getFirebaseJwtKeys($publicKey, $allowedAlgs)
 $allowedAlg = null;
 if (is_string($allowedAlgs)) {
- $allowedAlg = $allowedAlg;
+ $allowedAlg = $allowedAlgs;
 } elseif (is_array($allowedAlgs)) {
 if (count($allowedAlgs) > 1) {
 throw new \InvalidArgumentException(
diff --git a/tests/OAuth2Test.php b/tests/OAuth2Test.php
index 8de3f35b9..e00ab647f 100644
--- a/tests/OAuth2Test.php
+++ b/tests/OAuth2Test.php
@@ -1250,8 +1250,14 @@ public function testShouldReturnAValidIdToken()
 $alg = 'RS256';
 $jwtIdToken = JWT::encode($origIdToken, $privateKey, $alg);
 $o->setIdToken($jwtIdToken);
+
+ // Test with array alg
 $roundTrip = $o->verifyIdToken($publicKey, [$alg]);
 $this->assertEquals($origIdToken['aud'], $roundTrip->aud);
+
+ // Test with string alg
+ $roundTrip2 = $o->verifyIdToken($publicKey, $alg);
+ $this->assertEquals($origIdToken['aud'], $roundTrip2->aud);
 }
 }
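Review bot: In the `src/OAuth2.php` hunk the local `$allowedAlg` and the parameter `$allowedAlgs` differ by one trailing letter, which is how the old self-assignment `$allowedAlg = $allowedAlg;` went unnoticed and left the local at its `null` initial value for string input. The value appears to decide which signature algorithm the verification keys are bound to, so a slip here weakens or breaks token verification rather than just misnaming a variable. A more distinct local name would make the same mistake obvious at a glance, e.g. `$alg = $allowedAlgs;` in the string branch. getFirebaseJwtKeys starts and ends outside the hunk, so the remaining uses of the local would need the same rename.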
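Review bot: The added string-alg case in `testShouldReturnAValidIdToken` (tests/OAuth2Test.php hunk) asserts only that a matching algorithm is accepted; nothing checks that a non-matching string is rejected. A companion negative test would pin the restriction itself: verify the RS256-signed token with a different allowed algorithm, `$o->verifyIdToken($publicKey, 'RS384');`, and expect an exception. The exact exception class depends on the JWT library and is not visible in this hunk. The same negative case is worth adding for the array form, `['RS384']`.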