Error when decoding a JWT with JWK set
nscarlato-ith opened this issue · comments
I am trying to decode a JWT with a JWK set and get the error `"kid" invalid, unable to lookup correct key` from `JWT::getKey()` for the following code:
```php
use Firebase\JWT\JWK;
use Firebase\JWT\JWT;

// Runs inside a class method; self::JWK and self::JWT_ALGORITHM_CURVE are class constants.
$jwt = 'eyJraWQiOiIyMDE5LTA1LTIyVDIwOjQwOjM4Ljc4MS5lYyIsInR5cCI6IkpXVCIsImFsZyI6IkVTMjU2In0.[...]';
$keys = file_get_contents(self::JWK);
$jsonKeys = json_decode($keys, true);
// This filtering was needed, otherwise parsing the keys would fail. I feel like it should fail and continue trying with the other keys of the array...
$jsonKeys = array_filter(
    $jsonKeys['keys'],
    fn ($key) => isset($key['kty'])
        && isset($key['crv'])
        && $key['crv'] === self::JWT_ALGORITHM_CURVE
);
$jwkSet = JWK::parseKeySet(['keys' => $jsonKeys], 'ES256');
$decodedToken = (array) JWT::decode($jwt, $jwkSet);
```
I checked the JWT on JWT.io and I can see the `kid` header.
I tried decoding with only one key, changing the code to `$decodedToken = (array) JWT::decode($jwt, array_shift($jwkSet));`, and it worked fine. Same as when parsing keys, I believe it should be able to handle several keys (if one fails, try the others).
I don't think I am doing something wrong, but in case someone sees something odd please correct me.
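
A small diagnostic for the lookup the error message points at, added here as an example and not code from the post or from the library. It assumes the key set is indexed by `kid` and that `JWT_ALGORITHM_CURVE` is `P-256`; `jwtHeader` and `explainKidLookup` are hypothetical helper names, and the JWK set is constructed.

```php
<?php
declare(strict_types=1);

// Decode the unverified JOSE header. Use it only to select a key from a
// trusted set; nothing in it is authenticated until the signature checks out.
function jwtHeader(string $jwt): array
{
    $seg = explode('.', $jwt)[0];
    $seg = str_pad(strtr($seg, '-_', '+/'), (int) (ceil(strlen($seg) / 4) * 4), '=');
    $json = base64_decode($seg, true);
    if ($json === false) {
        throw new InvalidArgumentException('header is not base64url');
    }
    return json_decode($json, true, 8, JSON_THROW_ON_ERROR);
}

// Explain what a kid lookup would find in the set before and after a
// curve filter like the one in the post.
function explainKidLookup(string $jwt, array $jwks, string $crv): string
{
    $kid = jwtHeader($jwt)['kid'] ?? null;
    if (!is_string($kid) || $kid === '') {
        return 'token carries no "kid", so no key can be selected from a set';
    }
    $byKid = array_column($jwks['keys'], null, 'kid');
    if (!isset($byKid[$kid])) {
        return "kid '$kid' is not in the JWK set";
    }
    if (($byKid[$kid]['crv'] ?? null) !== $crv) {
        return "kid '$kid' is in the set but removed by the $crv filter";
    }
    return "kid '$kid' selects exactly one $crv key";
}

// Header segment copied from the post; payload and signature are placeholders.
$jwt = 'eyJraWQiOiIyMDE5LTA1LTIyVDIwOjQwOjM4Ljc4MS5lYyIsInR5cCI6IkpXVCIsImFsZyI6IkVTMjU2In0.e30.c2ln';

// Constructed JWK set (coordinates omitted; only the lookup fields matter here).
$jwks = ['keys' => [
    ['kty' => 'RSA', 'kid' => 'constructed-rsa'],
    ['kty' => 'EC', 'crv' => 'P-384', 'kid' => 'constructed-p384'],
    ['kty' => 'EC', 'crv' => 'P-256', 'kid' => '2019-05-22T20:40:38.781.ec'],
]];

echo explainKidLookup($jwt, $jwks, 'P-256'), PHP_EOL;
array_pop($jwks['keys']); // simulate the matching key missing from the set
echo explainKidLookup($jwt, $jwks, 'P-256'), PHP_EOL;
```

Running it against the real JWK file and token shows whether the token's `kid` is absent from the published set or present but dropped by the curve filter.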