From 7eeaabeb0ece7dab0adad83c1fc2479d7688264a Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Sat, 13 Dec 2014 15:21:58 +0100
Subject: [PATCH] Use the OP key when verifying signature on a received JWT.
---
 src/oic/oic/__init__.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/oic/oic/__init__.py b/src/oic/oic/__init__.py
index 5cd22ce..5494dc1 100644
--- src/oic/oic/__init__.py
+++ src/oic/oic/__init__.py
@@ -751,9 +751,12 @@ class Client(oauth2.Client):
 _kty = jws.alg2keytype(algo)
 # Keys of the OP ?
 try:
- keys = self.keyjar.get_signing_key(_kty, self.kid["sig"][_kty])
+ args = {"kid": self.kid["sig"][_kty]}
 except KeyError:
- keys = self.keyjar.get_signing_key(_kty)
+ args = {}
+
+ owner = self.keyjar.match_owner(path)
+ keys = self.keyjar.get_signing_key(_kty, owner, **args)
 return _schema().from_jwt(resp.text, keys)
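Review bot: `owner = self.keyjar.match_owner(path)` picks the verification key set from the request URL, and nothing in the hunk handles the case where no owner matches or where the lookup yields an empty `keys` list before `from_jwt(resp.text, keys)` runs. If `match_owner` raises on a miss, that should be caught and turned into an explicit verification failure; if it can return a loosely matched owner (prefix-style matching is an assumption, the method is not shown here), the key owner is better taken from the issuer identifier the client already holds for this OP than derived from `path`. I would add a guard such as `if not keys: raise KeyError("no OP signing key for %s" % owner)` so an empty key set fails closed instead of depending on how `from_jwt` treats it. The `kid` in `args` also comes from `self.kid["sig"][_kty]` rather than from the received JWT's header, which is worth confirming. The enclosing method starts and ends outside the hunk.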