From fcc9daf5494f515fe1293a2a1cce065960c41a89 Mon Sep 17 00:00:00 2001
From: Naz
Date: Tue, 24 May 2022 11:45:20 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fixed=20signing=20key=20mismatch?= =?UTF-8?q?ing=20in=20members=20JWT/JWKS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

refs https://github.com/TryGhost/Team/issues/1640
- Some the clien libraries were not able to match the signin key to verify JWT when using `GET /members/.well-knonw/jwks.json` endpoint for member token verification. This issue was due to missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
---
 package.json | 2 +-
 yarn.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 55777653b8..4b4eb3dbea 100644
--- a/package.json
+++ b/package.json
@@ -85,7 +85,7 @@
 "@tryghost/logging": "2.1.8",
 "@tryghost/magic-link": "1.0.26",
 "@tryghost/member-events": "0.4.6",
- "@tryghost/members-api": "8.1.0",
+ "@tryghost/members-api": "8.1.1",
 "@tryghost/members-events-service": "0.4.3",
 "@tryghost/members-importer": "0.5.15",
 "@tryghost/members-offers": "0.11.6",
diff --git a/yarn.lock b/yarn.lock
index ce134ba92a..9c6a8c84af 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1861,10 +1861,10 @@
 "@tryghost/domain-events" "^0.1.14"
 "@tryghost/member-events" "^0.4.6"

-"@tryghost/members-api@8.1.0":
- version "8.1.0"
- resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-8.1.0.tgz#756e41a0cf1bc9680bb4e580348d4aebeb8825bc"
- integrity sha512-iYo19Z/+ktonIh95sKlia5PJ1nZ/+r7Eg/ygwfU3X2kminhag9vedcHHb9s3h2PTjsx7Rjuy1BxDZMgrgV0L5g==
+"@tryghost/members-api@8.1.1":
+ version "8.1.1"
+ resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-8.1.1.tgz#9078ea61717a0c4dab1cff1ef0a0ae505389731c"
+ integrity sha512-gnNmK9Bw8xpdWm/KsXmYKXdE6h52pzI+QOYMTrCHvKkdOk643OBYwkDmssXfSZAxO31offkE0j/q3xTIstlTUw==
 dependencies:
 "@nexes/nql" "^0.6.0"
 "@tryghost/debug" "^0.1.2"