lib/rodauth/features/oauth_jwt_base.rb in rodauth-oauth-1.3.1 vs lib/rodauth/features/oauth_jwt_base.rb in rodauth-oauth-1.3.2
- old
+ new
@@ -187,18 +187,20 @@
jwk = JSON::JWK.new(key || "")
jwt = jwt.sign(jwk, signing_algorithm)
jwt.kid = jwk.thumbprint
+ return jwt.to_s unless encryption_algorithm && encryption_method
+
if jwks && (jwk = jwks.find { |k| k[:use] == "enc" && k[:alg] == encryption_algorithm && k[:enc] == encryption_method })
jwk = JSON::JWK.new(jwk)
jwe = jwt.encrypt(jwk, encryption_algorithm.to_sym, encryption_method.to_sym)
jwe.to_s
elsif jwe_key
jwe_key = jwe_key.first if jwe_key.is_a?(Array)
- algorithm = encryption_algorithm.to_sym if encryption_algorithm
- meth = encryption_method.to_sym if encryption_method
+ algorithm = encryption_algorithm.to_sym
+ meth = encryption_method.to_sym
jwt.encrypt(jwe_key, algorithm, meth)
else
jwt.to_s
end
end
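Review bot: The added early return `return jwt.to_s unless encryption_algorithm && encryption_method` makes a half-configured encryption setup fail open. If only one of the two values is set, or both are set but neither `jwks` nor `jwe_key` yields a key (the final `else jwt.to_s`), the caller gets a signed-only token with no indication that encryption was skipped. If encryption is a confidentiality requirement for these tokens, consider raising or logging when exactly one of the pair is set, and at minimum add a comment such as `# signed-only JWS: encryption applies only when both alg and enc are configured`. Separately, the `jwks` branch returns `jwe.to_s` while the `jwe_key` branch returns the result of `jwt.encrypt(...)` without `.to_s`; callers may stringify it, but the two branches should return the same type. The method's signature is outside the hunk.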
@@ -244,10 +246,12 @@
jws = JSON::JWT.decode(jws.plain_text, JSON::JWK::Set.new({ keys: jwks }), sig_algs) if jws.is_a?(JSON::JWE)
end
jws
elsif jws_key
JSON::JWT.decode(token, jws_key)
+ else
+ JSON::JWT.decode(token, nil, jws_algorithm)
end
elsif (jwks = auth_server_jwks_set)
JSON::JWT.decode(token, JSON::JWK::Set.new(jwks))
end
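Review bot: The new `else` branch calls `JSON::JWT.decode(token, nil, jws_algorithm)` with no verification key, so when neither a JWKS nor `jws_key` resolves, integrity depends entirely on how the library treats a nil key; as far as I know, json-jwt then accepts an `alg: none` token with an empty signature. Nothing in the hunk restricts this path to callers that explicitly opted into unsigned tokens, so a missing or misconfigured key would degrade to accepting unauthenticated input instead of rejecting it. I would gate it, e.g. `elsif jws_algorithm == "none"`, and let the remaining case fail the decode. The same concern applies to the `JWT.decode(token, jws_key, false, ...)` fallback added in the third hunk. The enclosing conditional starts outside this hunk, so an existing guard higher up cannot be ruled out.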
@@ -426,9 +430,11 @@
algorithms = jws_algorithm ? [jws_algorithm] : jwks.select { |k| k[:use] == "sig" }.map { |k| k[:alg] }
JWT.decode(token, nil, true, algorithms: algorithms, jwks: { keys: jwks }, **verify_claims_params).first
end
elsif jws_key
JWT.decode(token, jws_key, true, algorithms: [jws_algorithm], **verify_claims_params).first
+ else
+ JWT.decode(token, jws_key, false, **verify_claims_params).first
end
elsif (jwks = auth_server_jwks_set)
algorithms = jwks[:keys].select { |k| k[:use] == "sig" }.map { |k| k[:alg] }
JWT.decode(token, nil, true, jwks: jwks, algorithms: algorithms, **verify_claims_params).first
end
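Review bot: Passing `false` as the verify argument in `JWT.decode(token, jws_key, false, **verify_claims_params)` does more than skip the signature. To my knowledge ruby-jwt also skips claim validation when verification is off, so the `verify_claims_params` forwarded here (whatever expiry, issuer or audience checks they carry) would have no effect on this path. If those claim checks are meant to hold for unsigned tokens, they need to be applied to the decoded payload explicitly after this call. `jws_key` is also necessarily falsy in this branch because the preceding `elsif jws_key` did not match, so writing `nil` and adding a comment like `# no key configured: token is decoded without signature verification` would make the intent visible. The enclosing method begins outside the hunk.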