From 99646a8a31e9dee3bf4f12e6c0d7e32a73d8e764 Mon Sep 17 00:00:00 2001
From: Sergei Mikhailov <sergei.mikhailov@taotesting.com>
Date: Tue, 13 Sep 2022 16:34:25 +0200
Subject: [PATCH] fix: allow empty validation keys to be set into security
 configuration

---
 CHANGELOG.md                                            | 5 +++--
 src/Security/Jwt/Configuration/ConfigurationFactory.php | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bcc0780..53082e2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,11 @@
 CHANGELOG
 =========
 
-Unreleased
+6.7.2
 -----
 
-* Added AUD claim validation in `LtiServiceClient`
+* Fixed AUD claim validation in `LtiServiceClient`
+* Fixed empty validation key assignment to the security configuration
 
 6.7.1
 -----
diff --git a/src/Security/Jwt/Configuration/ConfigurationFactory.php b/src/Security/Jwt/Configuration/ConfigurationFactory.php
index 4f2a0b9..1e936cf 100644
--- a/src/Security/Jwt/Configuration/ConfigurationFactory.php
+++ b/src/Security/Jwt/Configuration/ConfigurationFactory.php
@@ -85,7 +85,9 @@ private function findAlgorithm(?KeyInterface $signingKey = null, ?KeyInterface $
     private function convertKey(?KeyInterface $key = null): Key
     {
         if (null === $key) {
-            return InMemory::plainText('');
+            return method_exists(InMemory::class, 'empty')
+                ? InMemory::empty()
+                : InMemory::plainText('');
         }
 
         return $this->converter->convert($key);