lib-oauth2: jwt - Allow missing 'typ' field

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index f67336341cbdc37f95a175f18868ef8506cd145b..13036e9a1c3ad9a517e9b21a3ea75195b46fcbb3 100644 (file)
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -341,8 +341,8 @@ oauth2_jwt_header_process(struct json_tree *tree, const char **alg_r,
        const char *alg = get_field(tree, "alg", NULL);
        const char *kid = get_field(tree, "kid", NULL);
 
-       if (null_strcmp(typ, "JWT") != 0) {
-               *error_r = "Cannot find 'typ' field";
+       if (typ != NULL && strcasecmp(typ, "JWT") != 0) {
+               *error_r = t_strdup_printf("Unsupported typ value '%s'", typ);
                return -1;
        }
 

diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index 8afa8d96d3a3619842910df424b64945e089d4f8..b0c5324344d98fa3a7ac9c85fa8db878bdc20f50 100644 (file)
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -390,15 +390,11 @@ static void test_jwt_broken_token(void)
                        .is_jwt = FALSE
                },
                { /* no alg field */
-                       .token = "eyJ0eXAiOiAiSldUIn0",
-                       .is_jwt = FALSE
-               },
-               { /* no typ field */
-                       .token = "eyJhbGciOiAiSFMyNTYifQ",
+                       .token = "eyJ0eXAiOiAiSldUIn0.e30.e30",
                        .is_jwt = FALSE
                },
                { /* typ field is wrong */
-                       .token = "eyJ0eXAiOiAiand0IiwgImFsZyI6ICJIUzI1NiJ9."
+                       .token = "e3R5cDogamtzLCBhbGc6IEhTMjU2fQ."
                                 "eyJhbGdvIjogIldURiIsICJ0eXAiOiAiSldUIn0."
                                 "q2wwwWWJVJxqw-J3uQ0DdlIyWfoZ7Z0QrdzvMW_B-jo",
                        .is_jwt = FALSE