OpenSourceArk/Ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛 Fixed signing key mismatching in members JWT/JWKS

Browse Source 
refs https://github.com/TryGhost/Team/issues/1640

- Some the clien libraries were not able to match the signin key to verify JWT when using `GET /members/.well-knonw/jwks.json` endpoint for member token verification. This issue was due to missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client.
- The `kid` parameter was left in claims to avoid accidental breaking changes.
This commit is contained in:
Naz 2022-05-24 11:45:20 +08:00
parent 72479a152f
commit fcc9daf549
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package.json
View File

@ -85,7 +85,7 @@
"@tryghost/logging": "2.1.8",
"@tryghost/magic-link": "1.0.26",
"@tryghost/member-events": "0.4.6",
"@tryghost/members-api": "8.1.0",
"@tryghost/members-api": "8.1.1",
"@tryghost/members-events-service": "0.4.3",
"@tryghost/members-importer": "0.5.15",
"@tryghost/members-offers": "0.11.6",

8
yarn.lock
View File

@ -1861,10 +1861,10 @@
"@tryghost/domain-events" "^0.1.14"
"@tryghost/member-events" "^0.4.6"
"@tryghost/members-api@8.1.0":
version "8.1.0"
resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-8.1.0.tgz#756e41a0cf1bc9680bb4e580348d4aebeb8825bc"
integrity sha512-iYo19Z/+ktonIh95sKlia5PJ1nZ/+r7Eg/ygwfU3X2kminhag9vedcHHb9s3h2PTjsx7Rjuy1BxDZMgrgV0L5g==
"@tryghost/members-api@8.1.1":
version "8.1.1"
resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-8.1.1.tgz#9078ea61717a0c4dab1cff1ef0a0ae505389731c"
integrity sha512-gnNmK9Bw8xpdWm/KsXmYKXdE6h52pzI+QOYMTrCHvKkdOk643OBYwkDmssXfSZAxO31offkE0j/q3xTIstlTUw==
dependencies:
"@nexes/nql" "^0.6.0"
"@tryghost/debug" "^0.1.2"