Merge pull request #151 from oat-sa/fix/AUT-2631/allow-empty-verifica…

…tion-key fix: allow empty validation keys to be set into security configuration
oat-sa · Sep 13, 2022 · cf7c8d3 · cf7c8d3
2 parents 237fafd + 99646a8
commit cf7c8d3
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,11 @@
 CHANGELOG
 =========
 
-Unreleased
+6.7.2
 -----
 
-* Added AUD claim validation in `LtiServiceClient`
+* Fixed AUD claim validation in `LtiServiceClient`
+* Fixed empty validation key assignment to the security configuration
 
 6.7.1
 -----

diff --git a/src/Security/Jwt/Configuration/ConfigurationFactory.php b/src/Security/Jwt/Configuration/ConfigurationFactory.php
@@ -85,7 +85,9 @@ private function findAlgorithm(?KeyInterface $signingKey = null, ?KeyInterface $
     private function convertKey(?KeyInterface $key = null): Key
     {
         if (null === $key) {
-            return InMemory::plainText('');
+            return method_exists(InMemory::class, 'empty')
+                ? InMemory::empty()
+                : InMemory::plainText('');
         }
 
         return $this->converter->convert($key);