[FIX] auth_oidc: support keys without kid

OCA · Nov 7, 2023 · 96882df · 96882df
1 parent 58a3e83
commit 96882df
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/auth_oidc/models/auth_oauth_provider.py b/auth_oidc/models/auth_oauth_provider.py
@@ -87,6 +87,7 @@ def _decode_id_token(self, access_token, id_token, kid):
             raise JWTError("OpenID Connect requires kid to be set if there is more"
                            " than one key in the JWKS")
         error = None
+        # we accept multiple keys with the same kid in case a key gets rotated.
         for key in keys:
             try:
                 values = jwt.decode(id_token, key, algorithms=["RS256"],