Merge pull request #1333 from strobelpierre/fix/823/filter-unsupported-jwks-keys

fix(jwks): filter unsupported key types in fixJwksAlg

Author: julien-nc

lib/Service/DiscoveryService.php

@@ -196,17 +196,19 @@ public function fixJwksAlg(array $jwks, string $jwt): array {
 			throw new \RuntimeException('Invalid JWKS: missing "keys" array');
 		}
 
+		// Filter out keys with incompatible key types to prevent
+		// Firebase JWT from failing on unsupported curves (e.g. P-521, Ed448).
+		// See https://github.com/firebase/php-jwt/issues/561
+		$jwks['keys'] = array_values(array_filter($jwks['keys'], function ($key) use ($expectedKty) {
+			return ($key['kty'] ?? null) === $expectedKty;
+		}));
+		$keys = $jwks['keys'];
+
 		$matchingIndex = null;
 
 		foreach ($keys as $index => $key) {
-			$keyKty = $key['kty'] ?? null;
 			$keyUse = $key['use'] ?? null;
 
-			// Skip keys with incompatible type
-			if ($keyKty !== $expectedKty) {
-				continue;
-			}
-
 			// Skip keys not intended for signature
 			if ($keyUse !== null && $keyUse !== 'sig') {
 				continue;

tests/unit/Service/DiscoveryServiceTest.php

@@ -43,6 +43,112 @@ public function setUp(): void {
 		$this->discoveryService = new DiscoveryService($this->logger, $this->clientHelper, $this->providerService, $this->config, $this->cacheFactory);
 	}
 
+	/**
+	 * Test that fixJwksAlg filters out keys with unsupported key types.
+	 * This prevents Firebase JWT from crashing on P-521 or OKP keys.
+	 * See https://github.com/firebase/php-jwt/issues/561
+	 */
+	public function testFixJwksAlgFiltersUnsupportedKeyTypes() {
+		// Build a fake JWT with RS256 alg and a known kid
+		$header = json_encode(['alg' => 'RS256', 'kid' => 'rsa-key-1', 'typ' => 'JWT']);
+		$payload = json_encode(['sub' => '1234']);
+		$fakeJwt = rtrim(strtr(base64_encode($header), '+/', '-_'), '=')
+			. '.' . rtrim(strtr(base64_encode($payload), '+/', '-_'), '=')
+			. '.fake-signature';
+
+		// JWKS with mixed key types: RSA (matching), EC P-521, and OKP
+		$jwks = [
+			'keys' => [
+				[
+					'kty' => 'EC',
+					'crv' => 'P-521',
+					'kid' => 'ec-p521-key',
+					'use' => 'sig',
+					'x' => 'AekpBQ8ST8a8VcfVOTNl353vSrDCLL-Jmn1TZOFz5EhU',
+					'y' => 'ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2T',
+				],
+				[
+					'kty' => 'RSA',
+					'kid' => 'rsa-key-1',
+					'use' => 'sig',
+					'n' => str_repeat('A', 342), // Fake 2048-bit modulus (256 bytes base64)
+					'e' => 'AQAB',
+				],
+				[
+					'kty' => 'OKP',
+					'crv' => 'Ed25519',
+					'kid' => 'okp-key',
+					'use' => 'sig',
+					'x' => 'some-value',
+				],
+			],
+		];
+
+		// Mock config to disable key strength validation (we use fake key material)
+		$this->config->method('getSystemValue')
+			->with('user_oidc', [])
+			->willReturn(['validate_jwk_strength' => false]);
+
+		$result = $this->discoveryService->fixJwksAlg($jwks, $fakeJwt);
+
+		// Only the RSA key should remain
+		Assert::assertCount(1, $result['keys']);
+		Assert::assertEquals('RSA', $result['keys'][0]['kty']);
+		Assert::assertEquals('rsa-key-1', $result['keys'][0]['kid']);
+		Assert::assertEquals('RS256', $result['keys'][0]['alg']);
+	}
+
+	/**
+	 * Test that fixJwksAlg works with EC keys when JWT uses ES256.
+	 */
+	public function testFixJwksAlgKeepsCompatibleEcKeys() {
+		$header = json_encode(['alg' => 'ES256', 'kid' => 'ec-key-1', 'typ' => 'JWT']);
+		$payload = json_encode(['sub' => '1234']);
+		$fakeJwt = rtrim(strtr(base64_encode($header), '+/', '-_'), '=')
+			. '.' . rtrim(strtr(base64_encode($payload), '+/', '-_'), '=')
+			. '.fake-signature';
+
+		$jwks = [
+			'keys' => [
+				[
+					'kty' => 'RSA',
+					'kid' => 'rsa-key-1',
+					'use' => 'sig',
+					'n' => str_repeat('A', 342),
+					'e' => 'AQAB',
+				],
+				[
+					'kty' => 'EC',
+					'crv' => 'P-256',
+					'kid' => 'ec-key-1',
+					'use' => 'sig',
+					'x' => 'AekpBQ8ST8a8VcfVOTNl353vSrDCLL-Jmn1TZOFz5EhU',
+					'y' => 'ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2T',
+				],
+				[
+					'kty' => 'EC',
+					'crv' => 'P-521',
+					'kid' => 'ec-p521-key',
+					'use' => 'sig',
+					'x' => 'AekpBQ8ST8a8VcfVOTNl353vSrDCLL-Jmn1TZOFz5EhU',
+					'y' => 'ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2T',
+				],
+			],
+		];
+
+		$this->config->method('getSystemValue')
+			->with('user_oidc', [])
+			->willReturn(['validate_jwk_strength' => false]);
+
+		$result = $this->discoveryService->fixJwksAlg($jwks, $fakeJwt);
+
+		// Both EC keys should remain (same kty), RSA filtered out
+		Assert::assertCount(2, $result['keys']);
+		Assert::assertEquals('EC', $result['keys'][0]['kty']);
+		Assert::assertEquals('ec-key-1', $result['keys'][0]['kid']);
+		Assert::assertEquals('EC', $result['keys'][1]['kty']);
+	}
+
 	public function testBuildAuthorizationUrl() {
 		$xss1 = '\'"http-equiv=><svg/onload=alert(1)>';
 		$cleanedXss1 = '&#039;&quot;http-equiv=&gt;&lt;svg/onload=alert(1)&gt;';