Unverified commit 129cd482, authored by Tim McCormack, committed by GitHub

Include security patch for pinning JWT signature algorithm in apple-id (#26059)

Extract from social-auth-core eed3007c4ccdbe959b1a3ac83102fe869d261948
parent e66ff411
......@@ -2,6 +2,10 @@
# of social-core:
# https://github.com/python-social-auth/social-core/blob/3.4.0/social_core/backends/apple.py
#
# Additional changes:
#
# - Patch for JWT algorithms specification: eed3007c4ccdbe959b1a3ac83102fe869d261948
#
# v3.4.0 is unreleased at this time (2020-07-28) and contains several necessary
# bugfixes over 3.3.3 for AppleID, but also causes the
# TestShibIntegrationTest.test_full_pipeline_succeeds_for_unlinking_testshib_account
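Review bot: The new "Additional changes" entry identifies the backported patch only by a bare hash, while the base-file reference above it gives a full URL. Suggest writing the entry as a full commit URL in the same upstream repository, and noting that it can be dropped once this vendored file is re-synced to a release containing the patch, so the local divergence from 3.4.0 stays auditable.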
......@@ -171,7 +175,7 @@ class AppleIdAuth(BaseOAuth2):
id_token,
key=public_key,
audience=self.get_audience(),
algorithm='RS256',
algorithms=['RS256'],
)
except PyJWTError:
raise AuthFailed(self, 'Token validation failed')
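Review bot: The `algorithms=['RS256']` argument in the token-decoding call is the entire security fix, yet nothing in this change tests it. Suggest adding a test that supplies an `id_token` whose header names an algorithm other than RS256 and asserts that `AuthFailed` is raised, so a later re-sync from upstream cannot silently restore the singular `algorithm=` keyword. Moving the allowed list into a module-level constant would also make the pin easier to spot in future reviews.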
......