fix bug that created invalid JSON for JWK thumbprint

2017-06-28 13:26:30 -06:00 · 2017-06-28 13:26:30 -06:00 · 1a43a58af1
parent 3879129674
commit 1a43a58af1
1 changed files with 3 additions and 1 deletions
--- a/oauth3.crypto.js
+++ b/oauth3.crypto.js
@ -188,7 +188,9 @@
      return OAUTH3.PromiseA.reject(new Error('JWK of type '+jwk.kty+' missing fields ' + missing));
    }

-    var jwkStr = '{' + keys.map(function (name) { return name+':'+jwk[name]; }).join(',') + '}';
+    // I'm not actually 100% sure this behavior is guaranteed, but when we use an array as the
+    // replacer argument the keys are always in the order they appeared in the array.
+    var jwkStr = JSON.stringify(jwk, keys);
    return OAUTH3.crypto.core.sha256(OAUTH3._binStr.binStrToBuffer(jwkStr))
      .then(OAUTH3._base64.bufferToUrlSafe);
  };