Item14922: OpenIDLoginContrib - Can't use string as a hash

pencil
Priority: Enhancement
Current State: New
Released In: n/a
Target Release:
Applies To: Extension
Component: OpenIDLoginContrib
Branches:
Reported By: LlewelynJones
Waiting For:
Last Change By: LlewelynJones
Hello When using the OpenIDLoginContrib with a Keycloak OpenID Connect Provider it failed with the following

Can't use string ("{"jti":"2e7138d8-9516-436b-882b-"...) as a HASH ref while "strict refs" in use

The perl code calls Crypt::JWT::decode_jwt . The above problem was solved by forcing the call to return a scalar and then conveting it to a hash

diff -u OpenIDConnect.pm.orig OpenIDConnect.pm
--- OpenIDConnect.pm.orig       2020-06-05 16:00:34.000000001 +0200
+++ OpenIDConnect.pm    2020-06-05 16:09:37.000000001 +0200
@@ -136,14 +136,16 @@

     my $header = JSON::decode_json(MIME::Base64::decode($parts[0]));
     my $kid = $header->{'kid'};
-    my $data = '';
+    my $data;
+    my $dataScalar = '';

     # This looks through all the public keys we got via the discovery document to find the one
     # that was used to sign the id token.
     foreach my $key (@$keys) {
        if ($key->{'kid'} eq $kid) {
            eval {
-               $data = Crypt::JWT::decode_jwt(token=>$id_token, key=>$key);
+               $dataScalar = Crypt::JWT::decode_jwt(token=>$id_token, key=>$key,decode_payload=>0); # force return of a scalar
+                $data = JSON::decode_json($dataScalar); # now convert to perl hash
            };
            if ($@) {
                Foswiki::Func::writeDebug("OpenIDLoginContrib: JWT ID token verification failed: " . $@);

-- LlewelynJones - 10 Jun 2020

 
Topic revision: r1 - 10 Jun 2020, LlewelynJones
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy