[bug] OIDC userinfo as jwt not readable
Concerned version
Version: %2.0.11
Summary
When OP sends userinfo as jwt, LLNG as RP is not able to read it
Possible fixes
In Lib/OpenIDConnect.pm:657 (sub getUserInfo) => return unless $self->verifyJWTSignature( $op, $userinfo_content );
Parameters should be switched as => $self->verifyJWTSignature( $userinfo_content, $op );
Indeed if we check the verifyJWTSignature prototype we have:
sub verifyJWTSignature {
my ( $self, $jwt, $op, $rp ) = @_;
[...]
Will try to apply the change today later and check if the confusion is not somewhere else. This confusion could come from the prototype of getUserInfo which waits for $op in first position parameter and token in second, the opposite of verifyJWTSignature.
We apply the change on 2.0.8 to make it working, but the change still needed in 2.0.11.
Regards,