fix(dpop): support keys without "use" header (#347)
paulswartz authored Apr 30, 2024
1 parent 966ff37 commit f3e0a72
Showing 2 changed files with 9 additions and 13 deletions.
16 changes: 8 additions & 8 deletions src/oidcc_jwt_util.erl
Expand Up @@ -439,24 +439,24 @@ encrypt(Jwt, Jwk, [Algorithm | _RestAlgorithms] = SupportedAlgorithms, Supported
-spec thumbprint(Jwk :: jose_jwk:key()) -> {ok, binary()} | error.
thumbprint(Jwk) ->
evaluate_for_all_keys(Jwk, fun
(#jose_jwk{fields = #{<<"use">> := <<"sig">>}} = Key) ->
{ok, jose_jwk:thumbprint(Key)};
(_Key) ->
error
(#jose_jwk{fields = #{<<"use">> := Use}}) when Use =/= <<"sig">> ->
error;
(Key) ->
{ok, jose_jwk:thumbprint(Key)}
end).

%% @private
-spec sign_dpop(Jwt :: #jose_jwt{}, Jwk :: jose_jwk:key(), SigningAlgSupported :: [binary()]) ->
{ok, binary()} | {error, no_supported_alg_or_key}.
sign_dpop(Jwt, Jwk, SigningAlgSupported) ->
evaluate_for_all_keys(Jwk, fun
(#jose_jwk{fields = #{<<"use">> := <<"sig">>}} = Key) ->
(#jose_jwk{fields = #{<<"use">> := Use}}) when Use =/= <<"sig">> ->
error;
(Key) ->
{_, PublicJwk} = jose_jwk:to_public_map(Key),
sign(Jwt, Key, SigningAlgSupported, #{
<<"typ">> => <<"dpop+jwt">>, <<"jwk">> => PublicJwk
});
(_Key) ->
error
})
end).

%% @private
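Review bot: The new catch-all `(Key) ->` clause in `thumbprint/1` and `sign_dpop/3` treats every key that has no `use` field as a signing key, and `key_ops` is never consulted, so a key published only for other operations (RFC 7517 §4.3) but without `use` would now be picked for DPoP proofs. In `sign_dpop/3` that key also goes through `jose_jwk:to_public_map/1` and into the `jwk` header; I can't tell from this hunk what that yields for a non-asymmetric key, so it is worth confirming that `sign/4` refuses such keys. At minimum I would document the policy above both funs, e.g. `%% "use" is optional (RFC 7517 §4.2): keys without it are accepted; only an explicit non-"sig" use is rejected. "key_ops" is not checked.` The two fun heads are now identical in both functions and could share one small predicate.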
6 changes: 1 addition & 5 deletions test/oidcc_authorization_test.erl
Expand Up @@ -1137,11 +1137,7 @@ private_key_jwt_fixture() ->
dpop_signing_alg_values_supported = [<<"RS256">>]
},

Jwks0 = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),

Jwks = Jwks0#jose_jwk{
fields = #{<<"kid">> => <<"private_kid">>, <<"use">> => <<"sig">>}
},
Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),

ClientId = <<"client_id">>,

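Review bot: With the `<<"use">> => <<"sig">>` override removed from `private_key_jwt_fixture/0`, the fixture in this hunk only exercises the key-without-`use` path; nothing visible here pins that a key whose `use` is something other than `sig` is still refused, or that an explicit `sig` key still works. Those branches decide which keys may sign DPoP proofs, so I would add cases built the way the removed lines were, e.g. `Jwks0#jose_jwk{fields = #{<<"use">> => <<"enc">>}}`, asserting that the key is rejected. The removed override also set `<<"kid">> => <<"private_kid">>`; if any assertion relies on that kid, it is outside this hunk. The fixture function starts before and continues after the hunk, so other coverage may exist that I can't see.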
