mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-11-27 10:42:45 +03:00
🐛 Fixed signing key mismatching in members JWT/JWKS
refs https://github.com/TryGhost/Team/issues/1640 - Some the clien libraries were not able to match the signin key to verify JWT when using `GET /members/.well-knonw/jwks.json` endpoint for member token verification. This issue was due to missing `keyid` parameter allows to indicate the key used to secure JWS (as per https://www.rfc-editor.org/rfc/rfc7515#section-4.1.4) and resolves the automatic matching issue on the client. - The `kid` parameter was left in claims to avoid accidental breaking changes.
This commit is contained in:
parent
72479a152f
commit
fcc9daf549
@ -85,7 +85,7 @@
|
||||
"@tryghost/logging": "2.1.8",
|
||||
"@tryghost/magic-link": "1.0.26",
|
||||
"@tryghost/member-events": "0.4.6",
|
||||
"@tryghost/members-api": "8.1.0",
|
||||
"@tryghost/members-api": "8.1.1",
|
||||
"@tryghost/members-events-service": "0.4.3",
|
||||
"@tryghost/members-importer": "0.5.15",
|
||||
"@tryghost/members-offers": "0.11.6",
|
||||
|
@ -1861,10 +1861,10 @@
|
||||
"@tryghost/domain-events" "^0.1.14"
|
||||
"@tryghost/member-events" "^0.4.6"
|
||||
|
||||
"@tryghost/members-api@8.1.0":
|
||||
version "8.1.0"
|
||||
resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-8.1.0.tgz#756e41a0cf1bc9680bb4e580348d4aebeb8825bc"
|
||||
integrity sha512-iYo19Z/+ktonIh95sKlia5PJ1nZ/+r7Eg/ygwfU3X2kminhag9vedcHHb9s3h2PTjsx7Rjuy1BxDZMgrgV0L5g==
|
||||
"@tryghost/members-api@8.1.1":
|
||||
version "8.1.1"
|
||||
resolved "https://registry.yarnpkg.com/@tryghost/members-api/-/members-api-8.1.1.tgz#9078ea61717a0c4dab1cff1ef0a0ae505389731c"
|
||||
integrity sha512-gnNmK9Bw8xpdWm/KsXmYKXdE6h52pzI+QOYMTrCHvKkdOk643OBYwkDmssXfSZAxO31offkE0j/q3xTIstlTUw==
|
||||
dependencies:
|
||||
"@nexes/nql" "^0.6.0"
|
||||
"@tryghost/debug" "^0.1.2"
|
||||
|
Loading…
Reference in New Issue
Block a user