Comments (8)
I agree. I have a case with only an x5t as well. This spec refers to most of these as optional. Is there a way we could specify which header parameter to use as the key when searching via getSigningKey?
from node-jwks-rsa.
FWIW... I added this to my promisified version of my case for now...
```js
const getSigningKey = (kID) => // in case k5t is there while kID is not
  getSigningKeys()
    .then((keys) => keys.find(k => k.k5t === kID || k.kid === kID))
```
from node-jwks-rsa.
I believe that https://tools.ietf.org/html/rfc7515#section-6 states that all the header parameters jku, jwk, kid, x5u, x5c, x5t and x5t#S256 could be used to identify the key used. Am I missing something?
from node-jwks-rsa.
For reference, here is the code block that has the problem:
node-jwks-rsa/src/JwksClient.js
Lines 103 to 109 in b0bce42
from node-jwks-rsa.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response from our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️
from node-jwks-rsa.
@damieng, could this at least be triaged by an Auth0 maintainer?
from node-jwks-rsa.
This came up for us when trying to validate access_tokens through ADFS. For whatever reason, id_tokens have a kid, but access_tokens have x5t in the header. Not sure if this is all ADFS instances or only ours. We don't have control over the box, so this would be a great fix.
from node-jwks-rsa.
I actually opened up #55 a while ago to allow JWTs without a KID header to pass validation.
from node-jwks-rsa.
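The key lookup discussed in this thread, as an added example that is not code from node-jwks-rsa or from any commenter: it picks a key out of an already-fetched, trusted JWKS by `kid`, then `x5t#S256`, then `x5t`, and refuses missing or ambiguous matches. `selectSigningKey`, `decodeHeader`, `makeToken` and the sample JWKS are hypothetical names and constructed data.

```javascript
// Added example: choose a verification key from an already-trusted JWKS
// using whichever identifier the token header carries.
// SAMPLE_JWKS is constructed; its thumbprints are placeholders, not real hashes.
const SAMPLE_JWKS = {
  keys: [
    { kty: 'RSA', use: 'sig', kid: 'id-token-key', x5t: 'dGh1bWJwcmludC1B' },
    { kty: 'RSA', use: 'sig', x5t: 'dGh1bWJwcmludC1C', 'x5t#S256': 'c2hhMjU2LXRodW1icHJpbnQtQg' },
    { kty: 'RSA', use: 'enc', kid: 'enc-key', x5t: 'dGh1bWJwcmludC1D' },
  ],
};

// Header parameters that name a key, in the order they are tried.
// jku, jwk, x5u and x5c are left out on purpose: they come from the token
// itself, so following them would let the sender supply the key.
const SELECTORS = ['kid', 'x5t#S256', 'x5t'];

// Decode the protected header of a compact JWS without verifying anything.
function decodeHeader(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the single signing key matching the first selector present in the header.
function selectSigningKey(jwks, header) {
  const candidates = jwks.keys.filter((k) => k.use === undefined || k.use === 'sig');
  for (const name of SELECTORS) {
    const wanted = header[name];
    if (typeof wanted !== 'string' || wanted === '') continue;
    const matches = candidates.filter((k) => k[name] === wanted);
    if (matches.length === 1) return matches[0];
    if (matches.length > 1) throw new Error(`ambiguous ${name}: ${wanted}`);
    throw new Error(`no signing key with ${name}: ${wanted}`);
  }
  throw new Error('header has no kid, x5t#S256 or x5t');
}

// Build a constructed compact token for a given header (payload and signature are dummies).
function makeToken(header) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc(header)}.${enc({ sub: 'demo' })}.c2ln`;
}
```

The selected key is only a candidate: the signature still has to verify against it, and a header identifier that is present but unmatched fails instead of falling through to the next one.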