Influxdata
/
influxdb
mirror of https://github.com/influxdata/influxdb.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #3838 from theoDiefenthal/oauth-less-restrictive-key-equalness-check 

Less restrictive key equalness check in OAuth due to providers like Microsoft Azure
pull/10616/head
Jared Scheib 2018-07-12 16:28:06 -07:00 committed by GitHub
parent 8ec536832d cc5bfaadff
commit ad8711a977
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2/jwt.go
View File

@ -143,7 +143,7 @@ func (j *JWT) KeyFuncRS256(token *gojwt.Token) (interface{}, error) {
// extract cert when kid and alg match // extract cert when kid and alg match
var certPkix []byte var certPkix []byte
for _, jwk := range jwks.Keys { for _, jwk := range jwks.Keys {
if token.Header["kid"] == jwk.Kid && token.Header["alg"] == jwk.Alg { if token.Header["kid"] == jwk.Kid {
// FIXME: optionally walk the key chain, see rfc7517 section 4.7 // FIXME: optionally walk the key chain, see rfc7517 section 4.7
certPkix, err = base64.StdEncoding.DecodeString(jwk.X5c[0]) certPkix, err = base64.StdEncoding.DecodeString(jwk.X5c[0])
if err != nil { if err != nil {