Skip to content

Commit

Permalink
Bearer middleware: add "infer algorithm from key"
Browse files Browse the repository at this point in the history
Fixes (maybe) #3025, as the JWKS from Azure AD is known for omitting the `alg` property

Signed-off-by: ItalyPaleAle <[email protected]>
  • Loading branch information
ItalyPaleAle committed Aug 2, 2023
1 parent 60322a1 commit c7ab62f
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion middleware/http/bearer/bearer_middleware.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (

"github.com/lestrrat-go/httprc"
"github.com/lestrrat-go/jwx/v2/jwk"
"github.com/lestrrat-go/jwx/v2/jws"
"github.com/lestrrat-go/jwx/v2/jwt"

"github.com/dapr/components-contrib/internal/httputils"
Expand Down Expand Up @@ -112,7 +113,7 @@ func (m *Middleware) GetHandler(ctx context.Context, metadata middleware.Metadat
_, err = jwt.Parse([]byte(rawToken),
jwt.WithContext(r.Context()),
jwt.WithAcceptableSkew(allowedClockSkew),
jwt.WithKeySet(keyset),
jwt.WithKeySet(keyset, jws.WithInferAlgorithmFromKey(true)),
jwt.WithAudience(meta.Audience),
jwt.WithIssuer(meta.Issuer),
)
Expand Down

0 comments on commit c7ab62f

Please sign in to comment.