Skip to content

Commit

Permalink
x5c is not base64url encoded, see RFC7517 Section 4.7
Browse files Browse the repository at this point in the history
closes #460

Signed-off-by: Stefan Bodewig <[email protected]>
  • Loading branch information
bodewig committed Jan 13, 2023
1 parent a488e08 commit 6fd9aa3
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
5 changes: 5 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,3 +1,8 @@
01/13/2023
- when parsing JWKs with an x5c claim the claim was wronly assumed to
be base64url encoded instead of base64 encoded;
see #460

11/06/2022
- a new option local_redirect_path can be used is situations where the
redirect_uri as is visible to lua-resty-openidc is not simply the path
Expand Down
2 changes: 1 addition & 1 deletion lib/resty/openidc.lua
Original file line number Diff line number Diff line change
Expand Up @@ -844,7 +844,7 @@ end

local function openidc_pem_from_x5c(x5c)
log(DEBUG, "Found x5c, getting PEM public key from x5c entry of json public key")
local chunks = split_by_chunk(b64(openidc_base64_url_decode(x5c[1])), 64)
local chunks = split_by_chunk(x5c[1], 64)
local pem = "-----BEGIN CERTIFICATE-----\n" ..
table.concat(chunks, "\n") ..
"\n-----END CERTIFICATE-----"
Expand Down

0 comments on commit 6fd9aa3

Please sign in to comment.