fix: Removed duplicate check on jwks_uri and only check if jwks_uri e…
…xists when needed (#373)

* Removed duplicate check on jwks_uri

* Update CHANGELOG

* Only check jwks_uri when needed

* Update changelog
ricklambrechts authored Apr 23, 2024
1 parent 0c8f54d commit 1a468a4
Showing 2 changed files with 8 additions and 10 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Added dependabot for GitHub Actions #407
- Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
- Check subject when verifying JWT #406
- Removed duplicate check on jwks_uri and only check if jwks_uri exists when needed #373

## [1.0.0] - 2023-12-13

17 changes: 7 additions & 10 deletions src/OpenIDConnectClient.php
Expand Up @@ -469,12 +469,7 @@ public function verifyLogoutToken(): bool
$claims = $this->decodeJWT($logout_token, 1);

// Verify the signature
if (!$this->getProviderConfigValue('jwks_uri')) {
throw new OpenIDConnectClientException('Back-channel logout: Unable to verify signature due to no jwks_uri being defined');
}
if (!$this->verifyJWTSignature($logout_token)) {
throw new OpenIDConnectClientException('Back-channel logout: Unable to verify JWT signature');
}
$this->verifySignatures($logout_token);

// Verify Logout Token Claims
if ($this->verifyLogoutTokenClaims($claims)) {
Expand Down Expand Up @@ -1134,7 +1129,12 @@ public function verifyJWTSignature(string $jwt): bool
$jwk = $header->jwk;
$this->verifyJWKHeader($jwk);
} else {
$jwks = json_decode($this->fetchURL($this->getProviderConfigValue('jwks_uri')), false);
$jwksUri = $this->getProviderConfigValue('jwks_uri');
if (!$jwksUri) {
throw new OpenIDConnectClientException ('Unable to verify signature due to no jwks_uri being defined');
}

$jwks = json_decode($this->fetchURL($jwksUri), false);
if ($jwks === NULL) {
throw new OpenIDConnectClientException('Error decoding JSON from jwks_uri');
}
Expand Down Expand Up @@ -1164,9 +1164,6 @@ public function verifyJWTSignature(string $jwt): bool
*/
public function verifySignatures(string $jwt)
{
if (!$this->getProviderConfigValue('jwks_uri')) {
throw new OpenIDConnectClientException ('Unable to verify signature due to no jwks_uri being defined');
}
if (!$this->verifyJWTSignature($jwt)) {
throw new OpenIDConnectClientException ('Unable to verify signature');
}
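Review bot: With the `jwks_uri` guard moved into the `else` branch of `verifyJWTSignature`, a token whose header carries an embedded `jwk` no longer needs any provider key set to be configured, so on that path trust rests entirely on `verifyJWKHeader()`, whose body is not visible here. Before this commit both `verifySignatures()` and `verifyLogoutToken()` refused every token when `jwks_uri` was unset, so this is a behaviour change and not only a de-duplication. I would record that at the branch with a comment such as `// jwks_uri is required only when the token has no jwk header; an embedded key is accepted solely on verifyJWKHeader()'s decision`. A regression test should also assert that a token with a `jwk` header is still rejected when no `jwks_uri` is configured, assuming the default `verifyJWKHeader()` is meant to refuse self-supplied keys. `verifyJWTSignature` starts and ends outside the hunk.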
