Verifying JWK with one out of multiple keys, where one of the keys is a HS256 key
0xmerp opened this issue · 0 comments
0xmerp commented
Hi,
Basically I have a use case where I would like to verify JWKs where the signature might be either one of a collection of ES256 keys (ECDSA), or a HS256 (Sha256-HMAC) key.
I was looking at this: https://github.com/firebase/php-jwt?tab=readme-ov-file#example-with-multiple-keys
This lets me load my JWK key set with all of my ES256 keys, but won't handle the case where the JWK might be signed with a HS256 key.
Here is an example of the use case: https://developers.line.biz/en/docs/line-login/verify-id-token/#signature
I was just wondering if php-jwt supports this use case, or if I could propose it as a feature.