GithubHelp home page GithubHelp logo

Comments (8)

larryboymi avatar larryboymi commented on May 20, 2024 3

I agree. I have a case with only an x5t as well. This spec refers to most of these as optional. Is there a way we could specify which header parameter to use as the key when searching via getSigningKey?

from node-jwks-rsa.

larryboymi avatar larryboymi commented on May 20, 2024 1

FWIW... I added this to my promisified version of my case for now...

const getSigningKey = (kID) => // in case k5t is there while kID is not
  getSigningKeys()
  .then((keys) => keys.find(k => k.k5t === kID || k.kid === kID))

from node-jwks-rsa.

Freundschaft avatar Freundschaft commented on May 20, 2024

I believe that https://tools.ietf.org/html/rfc7515#section-6 states that all the header parameters jku, jwk, kid x5u, x5c, x5t and x5t#s256 could be used to identify the key used, am I missing something?

from node-jwks-rsa.

williamdenton avatar williamdenton commented on May 20, 2024

for reference here is the code block that has the problem:

node-jwks-rsa/src/JwksClient.js

Lines 103 to 109 in b0bce42

const key = keys.find(k => k.kid === kid);
if (key) {
return cb(null, key);
} else {
this.logger(`Unable to find a signing key that matches '${kid}'`);
return cb(new SigningKeyNotFoundError(`Unable to find a signing key that matches '${kid}'`));
}

from node-jwks-rsa.

stale avatar stale commented on May 20, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response for our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️

from node-jwks-rsa.

williamdenton avatar williamdenton commented on May 20, 2024

@damieng, could this at least be triaged by an Auth0 maintainer?

from node-jwks-rsa.

philmerrell avatar philmerrell commented on May 20, 2024

This came up for us when trying to validate access_tokens through ADFS. For whatever reason, id_tokens have a kid, but access_tokens have x5t in the header. Not sure if this is all ADFS instances or only ours. We don't have control over the box, so this would be a great fix.

from node-jwks-rsa.

dejan9393 avatar dejan9393 commented on May 20, 2024

I actually opened up #55 a while ago to allow JWT's without a KID header to pass validation

from node-jwks-rsa.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.