Check if subject is equal to subject of id token when verifying JWT claims
ricklambrechts committed Apr 22, 2024
1 parent e31ec33 commit 1eb4aa8
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Updated readme PHP requirement to PHP 7.0+ #407
- Added dependabot for GitHub Actions #407
- Cast `$_SERVER['SERVER_PORT']` to integer to prevent adding 80 or 443 port to redirect URL. #403
- Check subject when verifying JWT #406

## [1.0.0] - 2023-12-13
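Review bot: The new entry "Check subject when verifying JWT #406" understates a behaviour change. After this commit `verifyJWTClaims()` rejects any token whose `sub` does not match the stored ID token's `sub`, so tokens that previously passed verification can now fail; the changelog line should say that explicitly (for example "verifyJWTClaims() now requires the `sub` claim to equal the ID token's `sub`") so integrators can see why verification started failing after upgrading.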

1 change: 1 addition & 0 deletions src/OpenIDConnectClient.php
Expand Up @@ -1206,6 +1206,7 @@ protected function verifyJWTClaims($claims, string $accessToken = null): bool
}
return (($this->validateIssuer($claims->iss))
&& (($claims->aud === $this->clientID) || in_array($this->clientID, $claims->aud, true))
&& ($claims->sub === $this->getIdTokenPayload()->sub)
&& (!isset($claims->nonce) || $claims->nonce === $this->getNonce())
&& ( !isset($claims->exp) || ((is_int($claims->exp)) && ($claims->exp >= time() - $this->leeway)))
&& ( !isset($claims->nbf) || ((is_int($claims->nbf)) && ($claims->nbf <= time() + $this->leeway)))
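Review bot: The added line `&& ($claims->sub === $this->getIdTokenPayload()->sub)` reads both properties without the `isset()` guards the surrounding `nonce`, `exp` and `nbf` checks use, so a token that carries no `sub`, or a call made before an ID token payload is available, produces an undefined-property notice (and a null-on-null comparison) instead of a deliberate failure. Since `sub` is a required claim in an OIDC ID token, a missing value should be an explicit rejection: fetch the payload once into a local variable, then require `isset($claims->sub) && isset($idTokenPayload->sub) && $claims->sub === $idTokenPayload->sub`. The strict `===` comparison is the right choice here; keep it.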
