Fix for #53

smart-on-fhir · Jun 12, 2021 · 101eaca · 101eaca
1 parent a0e4350
commit 101eaca
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/TokenHandler.js b/src/TokenHandler.js
@@ -1,6 +1,5 @@
 const crypto       = require("crypto");
 const jwt          = require("jsonwebtoken");
-const base64url    = require("base64-url");
 const jwkToPem     = require("jwk-to-pem");
 const config       = require("./config");
 const SMARTHandler = require("./SMARTHandler");
@@ -119,7 +118,9 @@ class TokenHandler extends SMARTHandler {
         }
 
         try {
-            jwt.verify(req.body.client_assertion, base64url.decode(clientDetailsToken.pub_key), { algorithm: "RS256" });
+            jwt.verify(req.body.client_assertion, clientDetailsToken.pub_key, {
+                algorithms: [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ]
+            });
         } catch (e) {
             return Lib.replyWithError(res, "invalid_token", 401, e.message);
         }