attempt to fix #823 by removing any key using a P-521 curve from the …

…discovered keys Signed-off-by: Julien Veyssier <[email protected]>
nextcloud · May 14, 2024 · 36707a0 · 36707a0
1 parent 9cba05b
commit 36707a0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/lib/Service/DiscoveryService.php b/lib/Service/DiscoveryService.php
@@ -156,6 +156,12 @@ private function fixJwksAlg(array $jwks, string $jwt): array {
 		}
 
 		foreach ($jwks['keys'] as $index => $key) {
+			// php-jwt fails in JWK::parseKeySet the keyset contains one key with P-521 curve
+			// see https://github.com/firebase/php-jwt/blob/main/src/JWK.php#L31
+			if (isset($key['crv']) && $key['crv'] === 'P-521') {
+				unset($jwks['keys'][$index]);
+			}
+
 			// Only fix the key being referred to in the JWT.
 			if ($jwtHeader['kid'] != $key['kid']) {
 				continue;