auth/oidc: infer JWKS algorithm (#96)

patrislav · web-flow · commit da007def8539 · 2025-04-16T14:34:41.000+03:00
diff --git a/rpc/auth/oidc/provider.go b/rpc/auth/oidc/provider.go
@@ -107,7 +107,12 @@ func (p *AuthProvider) Verify(ctx context.Context, verifCtx *proto.VerificationC
 		getKeySet: p.GetKeySet,
 	}
 
-	if _, err := jws.Verify([]byte(answer), jws.WithKeySet(ks, jws.WithMultipleKeysPerKeyID(false))); err != nil {
+	keySetOpts := []jws.WithKeySetSuboption{
+		jws.WithMultipleKeysPerKeyID(false),
+		jws.WithInferAlgorithmFromKey(true),
+	}
+
+	if _, err := jws.Verify([]byte(answer), jws.WithKeySet(ks, keySetOpts...)); err != nil {
 		return proto.Identity{}, fmt.Errorf("signature verification: %w", err)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,12 @@ func (p AuthProvider) Verify(ctx context.Context, verifCtx proto.VerificationC`
`107`	`107`	`getKeySet: p.GetKeySet,`
`108`	`108`	`}`
`109`	`109`
`110`		`- if _, err := jws.Verify([]byte(answer), jws.WithKeySet(ks, jws.WithMultipleKeysPerKeyID(false))); err != nil {`
	`110`	`+ keySetOpts := []jws.WithKeySetSuboption{`
	`111`	`+ jws.WithMultipleKeysPerKeyID(false),`
	`112`	`+ jws.WithInferAlgorithmFromKey(true),`
	`113`	`+ }`
	`114`	`+`
	`115`	`+ if _, err := jws.Verify([]byte(answer), jws.WithKeySet(ks, keySetOpts...)); err != nil {`
`111`	`116`	`return proto.Identity{}, fmt.Errorf("signature verification: %w", err)`
`112`	`117`	`}`
`113`	`118`