
Commit 15ec918

committed
Get JWKS only when JWT is signed with RSA
1 parent 6b16ce6 commit 15ec918


1 file changed

+5
-4
lines changed


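--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -1031,10 +1031,6 @@ public function verifyJWTsignature($jwt) {
 throw new OpenIDConnectClientException('Error decoding JSON from token header');
 }
 $payload = implode('.', $parts);
-$jwks = json_decode($this->fetchURL($this->getProviderConfigValue('jwks_uri')));
-if ($jwks === NULL) {
-throw new OpenIDConnectClientException('Error decoding JSON from jwks_uri');
-}
 if (!isset($header->alg)) {
 throw new OpenIDConnectClientException('Error missing signature type in token header');
 }
@@ -1045,6 +1041,11 @@ public function verifyJWTsignature($jwt) {
 case 'RS512':
 $hashtype = 'sha' . substr($header->alg, 2);
 $signatureType = $header->alg === 'PS256' ? 'PSS' : '';
+
+$jwks = json_decode($this->fetchURL($this->getProviderConfigValue('jwks_uri')));
+if ($jwks === NULL) {
+throw new OpenIDConnectClientException('Error decoding JSON from jwks_uri');
+}
 
 $verified = $this->verifyRSAJWTsignature($hashtype,
 $this->getKeyForHeader($jwks->keys, $header),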
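Review bot: The relocated `if ($jwks === NULL)` guard only catches a failed decode, so a jwks_uri response that is valid JSON but not a key set (a scalar, an array, or an object without `keys`) still reaches `$jwks->keys` in the `getKeyForHeader()` call. Since this document is what the signature check trusts, its shape should be validated before use, for example `if (!is_object($jwks) || !isset($jwks->keys) || !is_array($jwks->keys)) {` with the existing exception. The branch is selected by the token's own `alg` header, so it is worth confirming that `verifyJWTsignature()` restricts the algorithm to what the client expects; the rest of the `switch` and of the function lies outside these hunks.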
