From bccffbf6dee00cffa60afe97efab163a41d20cd5 Mon Sep 17 00:00:00 2001
From: jbc5099
Date: Tue, 14 Jul 2020 16:58:52 -0600
Subject: [PATCH] Added algorithm option to jwt policy
---
 lib/policies/jwt/index.js | 4 ++++
 lib/policies/jwt/jwt.js | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/policies/jwt/index.js b/lib/policies/jwt/index.js
index 85f7a3251..3ab340470 100644
--- a/lib/policies/jwt/index.js
+++ b/lib/policies/jwt/index.js
@@ -38,6 +38,10 @@ module.exports = {
 type: 'boolean',
 default: true,
 description: 'Value istructing the gateway whether verify the sub against the internal SOC'
+ },
+ algorithms: {
+ type: 'array',
+ description: 'If defined, limits valid jwts to specified algorithms'
 }
 },
 required: ['jwtExtractor', 'checkCredentialExistence'],
diff --git a/lib/policies/jwt/jwt.js b/lib/policies/jwt/jwt.js
index e4f2896bc..787f656ce 100644
--- a/lib/policies/jwt/jwt.js
+++ b/lib/policies/jwt/jwt.js
@@ -14,7 +14,8 @@ module.exports = function (params) {
 secretOrKey,
 jwtFromRequest: extractor,
 audience: params.audience,
- issuer: params.issuer
+ issuer: params.issuer,
+ algorithms: params.algorithms
 }, (jwtPayload, done) => {
 if (!jwtPayload) {
 return done(null, false);
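Review bot: The new `algorithms` schema entry in lib/policies/jwt/index.js is declared only as `type: 'array'`, so an empty list, non-string members or the unsigned `none` algorithm all pass config validation and are handed to the verifier as-is. Constraining the entry with `items: { type: 'string' }, minItems: 1, uniqueItems: true`, ideally with an `enum` limited to the signed algorithms the gateway supports, would reject a misconfiguration at load time instead of at token verification. The description should also state what is accepted when the option is omitted. The schema object begins and ends outside this hunk.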
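Review bot: When the policy config omits `algorithms`, the added line `algorithms: params.algorithms` in lib/policies/jwt/jwt.js passes `undefined`, so the accepted set presumably stays whatever the JWT library defaults to for the key in `secretOrKey`. The restriction is therefore opt-in, which leaves existing deployments unchanged; a gateway verifying with an RSA or ECDSA public key should not accept HMAC-signed tokens, so pinning should be the documented expectation. At minimum, add a comment above the line such as `// undefined => library default algorithm set; set explicitly when secretOrKey is a public key`, and consider logging a warning at policy setup when the list is unset. The options object and the enclosing function start outside this hunk.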