- edited description
OIDCProviderMetadata doesnt make use of the JWSAlgorithm.parse when parsing the metadata
hello,
I have identified what might be an issue in the current base code of OIDCProviderMetadata.
The JWSAlgorithm.parse() helper is not used when it could be (line 1946, 1960, 1998). This may have some consequence as tests such as checks from the configuration tree objects will fail :
final List<JWSAlgorithm> metadataAlgorithms = configuration.getProviderMetadata().getIDTokenJWSAlgs();
JWSAlgorithm jwsAlgorithm = metadataAlgorithms.get(0);
jwsAlgorithm == JWSAlgorithm.HS256.
We might expect instead such a check to be successful.
=> I have noticed this approach is in use for ClaimType for instance.
Is that a choice made by design ?
Regards
André
Comments (5)
-
reporter -
reporter - edited description
-
reporter - edited description
-
Thanks for filing this.
Updated the code so that reference comparison also works: 0a551e5d6315f65a91634e2b26d5614362ac8e44
The recommended comparison is with
.equals
Released as v5.24.2 to Maven Central.
-
- changed status to resolved
- Log in to comment