fix: reject client JSON Web Key Set null value (#1237)

Co-authored-by: Filip Skokan <panva.ip@gmail.com>
panva · Dec 1, 2023 · cce6d43 · cce6d43
1 parent a0af4c4
commit cce6d43
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/lib/models/client.js b/lib/models/client.js
@@ -38,7 +38,7 @@ const fingerprint = (properties) => hash(properties, {
 
 const validateJWKS = (jwks) => {
   if (jwks !== undefined) {
-    if (!Array.isArray(jwks.keys) || !jwks.keys.every(isPlainObject)) {
+    if (!Array.isArray(jwks?.keys) || !jwks.keys.every(isPlainObject)) {
       throw new InvalidClientMetadata('client JSON Web Key Set is invalid');
     }
   }

diff --git a/test/configuration/client_metadata.test.js b/test/configuration/client_metadata.test.js
@@ -1749,6 +1749,7 @@ describe('Client metadata validation', () => {
       rejects(this.title, { keys: [value] }, 'client JSON Web Key Set is invalid');
     });
     rejects('jwks', 'string', 'client JSON Web Key Set is invalid');
+    rejects('jwks', null, 'client JSON Web Key Set is invalid');
     rejects(this.title, {}, 'client JSON Web Key Set is invalid');
     rejects(this.title, 1, 'client JSON Web Key Set is invalid');
     rejects(this.title, 0, 'client JSON Web Key Set is invalid');