Sign with the signer key. Previously the verify key was used, which only worked

author Graham Leggett <minfrin@apache.org>

Fri, 19 May 2023 10:24:27 +0000 (10:24 +0000)

committer Graham Leggett <minfrin@apache.org>

Fri, 19 May 2023 10:24:27 +0000 (10:24 +0000)
author Graham Leggett <minfrin@apache.org>
Fri, 19 May 2023 10:24:27 +0000 (10:24 +0000)
committer Graham Leggett <minfrin@apache.org>
Fri, 19 May 2023 10:24:27 +0000 (10:24 +0000)
diff --git a/modules/aaa/mod_autht_jwt.c b/modules/aaa/mod_autht_jwt.c

index f48bdd698fcd1dc4e1cd52b92ba66db707f43c1c..f1754cfb5c5e44f91db70d55633166c8dcd011a2 100644 (file)
--- a/modules/aaa/mod_autht_jwt.c
+++ b/modules/aaa/mod_autht_jwt.c
@@ -616,8 +616,9 @@ static const char *jwt_get_token(request_rec *r)
          return "error:no-claims";
      }
  
-    if (conf->verifies_set) {
-        srec = (auth_bearer_signature_rec *)conf->verifies->elts;
+    /* sign with the first key, if present */
+    if (conf->signs_set) {
+        srec = (auth_bearer_signature_rec *)conf->signs->elts;
      }
  
      /* create a JWT containing the claims */
author	Graham Leggett <minfrin@apache.org>
	Fri, 19 May 2023 10:24:27 +0000 (10:24 +0000)
committer	Graham Leggett <minfrin@apache.org>
	Fri, 19 May 2023 10:24:27 +0000 (10:24 +0000)