Disallow kid audience

Konstantin Wohlwend 2024-12-12 09:41:37 -08:00
parent 257ec46244
commit 0db15d63b0


@ -3,7 +3,7 @@ import elliptic from "elliptic";
import * as jose from "jose";
import { JOSEError } from "jose/errors";
import { encodeBase64Url } from "./bytes";
import { getEnvVariable } from "./env";
import { StackAssertionError } from "./errors";
import { globalVar } from "./globals";
import { pick } from "./objects";
@ -112,6 +112,9 @@ export function getPerAudienceSecret(options: {
audience: string,
secret: string,
}) {
if (options.audience === "kid") {
throw new StackAssertionError("You cannot use the 'kid' audience for a per-audience secret, see comment below in jwt.tsx");
}
return jose.base64url.encode(
crypto
.createHash('sha256')
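Review bot: The new guard in getPerAudienceSecret rejects the audience "kid" without giving the reason at the point of the check; the error text only points to a comment elsewhere in jwt.tsx, which is not visible in this hunk. A short comment above the `if` would keep the reason next to the rule, for example `// "kid" is reserved: presumably the same derivation with this label produces the key ID, so it must never also yield a per-audience secret` (wording to be confirmed against the referenced comment). The comparison is an exact, case-sensitive match, so the separation also depends on how audience and secret are combined in the hash input, which lies past the end of the hunk; if the two are joined without a delimiter or length prefix, that is worth confirming as well. The function body continues outside the hunk.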