From 3adea3c254322b518d0e271c44da2ab104d1e1c7 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 2 Nov 2022 15:56:54 +0200
Subject: [PATCH] lib-oauth2: jwt - Allow missing 'typ' field

---
 src/lib-oauth2/oauth2-jwt.c      | 4 ++--
 src/lib-oauth2/test-oauth2-jwt.c | 8 ++------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/lib-oauth2/oauth2-jwt.c b/src/lib-oauth2/oauth2-jwt.c
index f67336341c..13036e9a1c 100644
--- a/src/lib-oauth2/oauth2-jwt.c
+++ b/src/lib-oauth2/oauth2-jwt.c
@@ -341,8 +341,8 @@ oauth2_jwt_header_process(struct json_tree *tree, const char **alg_r,
 	const char *alg = get_field(tree, "alg", NULL);
 	const char *kid = get_field(tree, "kid", NULL);
 
-	if (null_strcmp(typ, "JWT") != 0) {
-		*error_r = "Cannot find 'typ' field";
+	if (typ != NULL && strcasecmp(typ, "JWT") != 0) {
+		*error_r = t_strdup_printf("Unsupported typ value '%s'", typ);
 		return -1;
 	}
 
diff --git a/src/lib-oauth2/test-oauth2-jwt.c b/src/lib-oauth2/test-oauth2-jwt.c
index 8afa8d96d3..b0c5324344 100644
--- a/src/lib-oauth2/test-oauth2-jwt.c
+++ b/src/lib-oauth2/test-oauth2-jwt.c
@@ -390,15 +390,11 @@ static void test_jwt_broken_token(void)
 			.is_jwt = FALSE
 		},
 		{ /* no alg field */
-			.token = "eyJ0eXAiOiAiSldUIn0",
-			.is_jwt = FALSE
-		},
-		{ /* no typ field */
-			.token = "eyJhbGciOiAiSFMyNTYifQ",
+			.token = "eyJ0eXAiOiAiSldUIn0.e30.e30",
 			.is_jwt = FALSE
 		},
 		{ /* typ field is wrong */
-			.token = "eyJ0eXAiOiAiand0IiwgImFsZyI6ICJIUzI1NiJ9."
+			.token = "e3R5cDogamtzLCBhbGc6IEhTMjU2fQ."
 				 "eyJhbGdvIjogIldURiIsICJ0eXAiOiAiSldUIn0."
 				 "q2wwwWWJVJxqw-J3uQ0DdlIyWfoZ7Z0QrdzvMW_B-jo",
 			.is_jwt = FALSE
-- 
2.47.3