Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow JWT::decode to accept an empty string as a valid kid #581

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Commits on Oct 23, 2024

  1. Allow JWT::decode to accept an empty string as a valid kid

    There are instances when using CachedKeySet where a key is returned with an empty string as the kid.
    This is a valid use case and should be allowed.
    
    For example Teleport Proxy uses this pattern to allow for a default key.
    
    The getKey method can be simplified, as well as refactored to follow the same pattern as
    the CachedKeySet class which casts null kids to an empty string.
    
    This change also adds a test to ensure that an empty string kid is a valid kid.
    ryanneufeld authored and rneufeldcisco committed Oct 23, 2024
    Configuration menu
    Copy the full SHA
    993a11c View commit details
    Browse the repository at this point in the history