From 38a83dc967db62091bd2e79d6d1dfae12517eb55 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Tue, 21 Jun 2022 11:17:01 +0200
Subject: [PATCH 1/2] auth_oidc: adapt to be compatible with jwcrypto<1
---
 src/authentic2_auth_oidc/models.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/authentic2_auth_oidc/models.py b/src/authentic2_auth_oidc/models.py
index e24250a0..72d57708 100644
--- a/src/authentic2_auth_oidc/models.py
+++ b/src/authentic2_auth_oidc/models.py
@@ -155,8 +155,13 @@ class OIDCProvider(BaseAuthenticator):
 _('Provider signature method is %s yet no jwkset was provided.')
 % key_sig_mapping[self.idtoken_algo]
 )
-
- if not any([key.get('kty', None) == key_sig_mapping[self.idtoken_algo] for key in self.jwkset]):
+ # verify that a key is available for the chosen algorithm
+ for key in self.jwkset:
+ # compatibility with jwcrypto < 1
+ key_type = key.get('kty', None) if isinstance(key, dict) else key.key_type
+ if key_type == key_sig_mapping[self.idtoken_algo]:
+ break
+ else:
 raise ValidationError(
 _(
 'Provider signature method is %s yet the provided jwkset does not contain any such key type.'
-- 
2.35.1
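Review bot: The rewritten loop still matches on `kty` alone, so a jwkset whose only key of that type is marked for encryption (a `use` of `enc`) would pass this validation, and the mismatch would surface only when an ID token signature is checked. That limitation predates the commit, but this loop is the natural place to skip such keys. In the compatibility line the non-dict branch reads `key.key_type` unguarded, so an entry of an unexpected shape would presumably raise AttributeError rather than a ValidationError; `key_type = key.get('kty') if isinstance(key, dict) else getattr(key, 'key_type', None)` keeps the failure inside validation. The comment would be clearer if it said which branch serves which version, for example `# jwcrypto >= 1: JWK is dict-like; jwcrypto < 1: read JWK.key_type`. The enclosing method starts and ends outside the hunk, so how `self.jwkset` is built is not visible here.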