Skip to content

Commit

Permalink
Merge pull request #74 from change-engine/drop-alg
Browse files Browse the repository at this point in the history 
MS don't set alg, so we can't validate it
  • Loading branch information
@carlos-alberto
carlos-alberto authored Mar 28, 2024
2 parents e6f5f75 + 7c05389 commit c291d47
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ export async function verify<T>(token: string, iss: string, aud: string): Promis
};
const key = Object.fromEntries(jwks.keys.map((k) => [k.kid, k]))[head.kid];
if (!key) return false;
if (key.alg !== 'RS256') return false;
if (key.alg && key.alg !== 'RS256') return false;
if (
!(await crypto.subtle.verify(
{ name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } },
Expand Down

0 comments on commit c291d47

Please sign in to comment.