velocitatem/cvfs
1
0
Fork 0
mirror of https://github.com/velocitatem/cvfs.git synced 2026-05-31 08:43:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

use kid-specific jwk for verification

Browse Source
This commit is contained in:
Daniel Rosel
2026-04-03 19:33:56 +02:00
parent fa215009cd
commit effb9161f8
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
dlib/auth/oidc.py
View File

@@ -71,10 +71,11 @@ class OidcTokenValidator:
sub="dev-user", email="dev@example.com", name="Developer"
)
header = jwt.get_unverified_header(token)
key = await self._get_key(header.get("kid"))
kid = header.get("kid")
alg = header.get("alg") or "RS256"
key = await self._get_key(kid)
if not key:
raise TokenValidationError("Unable to resolve signing key")
alg = header.get("alg") or key.get("alg") or "RS256"
try:
claims = jwt.decode(
token,