RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: include the jwk key id in the jwt for validation (#1983) 

This is so the sig key used to sign the JWT can be verified using the JWKS endpoint.

Fixes #1979
pull/1985/head^2
James Elliott 2021-05-07 11:59:39 +10:00 committed by GitHub
parent 544373de17
commit c0ac8bf5ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/handlers/oidc.go
View File

@ -100,7 +100,10 @@ func newDefaultOIDCSession(ctx *middlewares.AutheliaCtx) (session *openid.Defaul
Extra: make(map[string]interface{}), Extra: make(map[string]interface{}),
}, },
Headers: &jwt.Headers{ Headers: &jwt.Headers{
Extra: make(map[string]interface{}), Extra: map[string]interface{}{
// TODO: Obtain this from the active keys when we implement key rotation.
"kid": "main-key",
},
}, },
}, err }, err
} }