Fix handling of JWT without key ID (!2) · Merge requests · GitLab.org / ruby / gems / GitLab OmniAuth OpenID Connect

Stan Hu requested to merge sh-fix-missing-jwt-kid into master Apr 24, 2021

When a key ID (kid) is not included in the JWT, that means we don't know anything about which signing key to use. The json-jwt library expects the kid value to be present if a JWK Set is presented. If a missing kid exception is raised, we now iterate through each key to find one that works.

Closes https://github.com/m0n9oose/omniauth_openid_connect/issues/64

Relates to gitlab-org/gitlab!34030 (merged)

Edited Apr 24, 2021 by Stan Hu

Fix handling of JWT without key ID

Merge request reports