Commit
Check if subject is equal to subject of id token when verifying JWT claims

Fixes jumbojett#406
ricklambrechts authored and hexmode committed Apr 20, 2024
1 parent 6a2bd53 commit cedf160
Showing 2 changed files with 4 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Added
- Check subject when verifying JWT claims #406

### Fixed
- Changed parameter #2 of http_build_query to empty string on requestTokenExchange to support PHP8.x #413
- Return types are too strict. #412
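Review bot: the new "Added" entry says only "Check subject" and not what the subject is compared against; since the commit message states it is the ID token's subject, and the check can newly make claim verification fail for a token whose `sub` differs, suggest wording it as "Check that the subject matches the ID token subject when verifying JWT claims #406" so the behaviour change is visible from the changelog alone.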
1 change: 1 addition & 0 deletions src/OpenIDConnectClient.php
Expand Up @@ -1206,6 +1206,7 @@ protected function verifyJWTClaims($claims, string $accessToken = null): bool
}
return (($this->validateIssuer($claims->iss))
&& (($claims->aud === $this->clientID) || in_array($this->clientID, $claims->aud, true))
&& ($claims->sub === $this->getIdTokenPayload()->sub)
&& (!isset($claims->nonce) || $claims->nonce === $this->getNonce())
&& ( !isset($claims->exp) || ((is_int($claims->exp)) && ($claims->exp >= time() - $this->leeway)))
&& ( !isset($claims->nbf) || ((is_int($claims->nbf)) && ($claims->nbf <= time() + $this->leeway)))
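Review bot: the added `&& ($claims->sub === $this->getIdTokenPayload()->sub)` is the only claim check in this expression without an `isset` guard, unlike the `nonce`, `exp` and `nbf` lines that follow it; if `$claims` carries no `sub`, or `getIdTokenPayload()` is not guaranteed to return an object at this point (for example when no ID token has been stored yet), the line produces a PHP warning or error instead of a clean `false`. Suggest guarding it, e.g. `&& (isset($claims->sub) && is_object($this->getIdTokenPayload()) && $claims->sub === $this->getIdTokenPayload()->sub)`. A short comment would also help: when `$claims` is itself the ID token payload the comparison is trivially true, so the check only carries weight when `verifyJWTClaims` is run on a different token.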

0 comments on commit cedf160