From 36707a0cb15eb3817dec691f1fdb44afc437aea1 Mon Sep 17 00:00:00 2001
From: Julien Veyssier
Date: Tue, 14 May 2024 10:46:47 +0200
Subject: [PATCH] attempt to fix #823 by removing any key using a P-521 curve from the discovered keys

Signed-off-by: Julien Veyssier
---
 lib/Service/DiscoveryService.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/Service/DiscoveryService.php b/lib/Service/DiscoveryService.php
index 5aa3b62c..3d1344ae 100644
--- a/lib/Service/DiscoveryService.php
+++ b/lib/Service/DiscoveryService.php
@@ -156,6 +156,12 @@ private function fixJwksAlg(array $jwks, string $jwt): array {
 }
 foreach ($jwks['keys'] as $index => $key) {
+ // php-jwt fails in JWK::parseKeySet the keyset contains one key with P-521 curve
+ // see https://github.com/firebase/php-jwt/blob/main/src/JWK.php#L31
+ if (isset($key['crv']) && $key['crv'] === 'P-521') {
+ unset($jwks['keys'][$index]);
+ }
+
 // Only fix the key being referred to in the JWT.
 if ($jwtHeader['kid'] != $key['kid']) {
 continue;
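Review bot: After `unset($jwks['keys'][$index]);` the loop body keeps running for the removed key, so when the JWT's `kid` matches a P-521 key the rest of the loop (which continues outside this hunk) still operates on `$key`. If that code writes to `$jwks['keys'][$index]`, it would re-create a partial entry and `JWK::parseKeySet` could fail again. Adding `continue;` right after the `unset` avoids this and also skips the `$key['kid']` read for an entry that has already been discarded. Dropping the key should fail closed, since a token signed with it would presumably no longer verify, so a debug log naming the skipped `kid` would make that outcome diagnosable. The new comment is missing a word (`fails in JWK::parseKeySet if the keyset contains ...`) and links to a line on `main`, which will drift; a commit permalink would stay accurate.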