From cc5bfaadff0e042a0d381a2c026771ef36bf3c7e Mon Sep 17 00:00:00 2001
From: Theo Diefenthal
Date: Mon, 9 Jul 2018 19:37:17 +0200
Subject: [PATCH] -Less restrictive key equalness check in OAuth due to providers like Microsoft Azure who do not provide "alg" claim
---
 oauth2/jwt.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oauth2/jwt.go b/oauth2/jwt.go
index d1fb288cf9..e2cbc171e5 100644
--- a/oauth2/jwt.go
+++ b/oauth2/jwt.go
@@ -143,7 +143,7 @@ func (j *JWT) KeyFuncRS256(token *gojwt.Token) (interface{}, error) {
 // extract cert when kid and alg match
 var certPkix []byte
 for _, jwk := range jwks.Keys {
- if token.Header["kid"] == jwk.Kid && token.Header["alg"] == jwk.Alg {
+ if token.Header["kid"] == jwk.Kid {
 // FIXME: optionally walk the key chain, see rfc7517 section 4.7
 certPkix, err = base64.StdEncoding.DecodeString(jwk.X5c[0])
 if err != nil {
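Review bot: The new condition selects a JWK on `kid` alone even when the JWK does carry an `alg` that differs from the token's, so the hunk drops more than the Azure case requires; since a JWK's `alg` is optional (RFC 7517 §4.4), treat only its absence as a wildcard: `if token.Header["kid"] == jwk.Kid && (jwk.Alg == "" || token.Header["alg"] == jwk.Alg) {`. The context comment three lines above, `// extract cert when kid and alg match`, is now stale and should read `// extract cert when kid matches (and alg matches, if the JWK declares one)`. With key selection no longer constraining the algorithm, the RS256 pinning this callback's name promises has to come from a check of the token's signing method (e.g. a type assertion on `token.Method` against `*gojwt.SigningMethodRSA`) somewhere in KeyFuncRS256, which is not visible here because the function's body begins and continues outside the hunk. Unrelated to this change but on the same path, `jwk.X5c[0]` indexes without a length check, so a JWK with an empty `x5c` array would panic rather than be skipped.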