From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Mon, 8 May 2023 05:23:39 +0000 (+0300)
Subject: lib-oauth2: Remove typ check
X-Git-Tag: 2.3.21~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c7f5a74a7166221e210df4715347892a1fd665a;p=thirdparty%2Fdovecot%2Fcore.git

lib-oauth2: Remove typ check

It is not really useful. And mostly just keeps breaking when people
invent new kty values.
---

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index 6631f21c7a..d4006f974b 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -322,15 +322,9 @@ static int
 oauth2_jwt_header_process(struct json_tree *tree, const char **alg_r,
 			  const char **kid_r, const char **error_r)
 {
-	const char *typ = get_field(tree, "typ");
 	const char *alg = get_field(tree, "alg");
 	const char *kid = get_field(tree, "kid");
 
-	if (typ != NULL && strcasecmp(typ, "JWT") != 0) {
-		*error_r = t_strdup_printf("Unsupported typ value '%s'", typ);
-		return -1;
-	}
-
 	if (alg == NULL) {
 		*error_r = "Cannot find 'alg' field";
 		return -1;
@@ -413,7 +407,7 @@ oauth2_jwt_body_process(const struct oauth2_settings *set, const char *alg,
 		}
 	}
 
-	const char *aud = get_field(tree, "aud", NULL);
+	const char *aud = get_field(tree, "aud");
 	/* if there is client_id configured, then aud should be present */
 	if (set->client_id != NULL && *set->client_id != '\0') {
 		if (aud == NULL) {