fix: explicitly pass RS256 algorithm to jose.jwk.construct to handle JWKS keys without alg field

2026-04-14 16:38:14 +02:00
parent 0bdfae6373
commit c22c637511
1 changed files with 1 additions and 1 deletions
--- a/backend/auth.py
+++ b/backend/auth.py
@@ -52,7 +52,7 @@ def _decode_token(token: str, jwks):
        if not key_dict:
            raise HTTPException(status_code=401, detail="Invalid token: signing key not found")

-        key = construct(key_dict)
+        key = construct(key_dict, algorithm="RS256")
        decode_kwargs = {"algorithms": ["RS256"]}
        if AUTH_CLIENT_ID:
            decode_kwargs["audience"] = AUTH_CLIENT_ID