dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Provide kid in JWT only for RS signatures (#1426)

Browse Source
This commit is contained in:
Clément OUDOT 2018-05-19 16:29:05 +02:00
parent f042af3ab0
commit 3898db68a7
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm
View File

@ -1154,8 +1154,10 @@ sub createJWT {
# JWT header
my $jwt_header_hash = { typ => "JWT", alg => $alg };
$jwt_header_hash->{kid} = $self->conf->{oidcServiceKeyIdSig}
if $self->conf->{oidcServiceKeyIdSig};
if ( $alg eq "RS256" or $alg eq "RS384" or $alg eq "RS512" ) {
$jwt_header_hash->{kid} = $self->conf->{oidcServiceKeyIdSig}
if $self->conf->{oidcServiceKeyIdSig};
}
my $jwt_header = encode_base64( to_json($jwt_header_hash), "" );
if ( $alg eq "none" ) {