Automatically closed - issue fixed for 2 weeks with no activity.
x5c should not be base64url_encoded.
The standard is defined as:
The "x5c" (X.509 Certificate Chain) member contains a chain of one or
more PKIX certificates [RFC5280]. The certificate chain is
represented as a JSON array of certificate value strings. Each
string in the array is a base64 encoded ([RFC4648] Section 4 -- not
base64url encoded) DER [ITU.X690.1994] PKIX certificate value. The
PKIX certificate containing the key value MUST be the first
certificate.
See more here https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41#section-4.7
The x5c array key defined at https://git.drupalcode.org/project/openid_connect_autodiscovery/-/blob/8... gets its value from https://git.drupalcode.org/project/openid_connect_autodiscovery/-/blob/8... which is incorrect.
Change
$jsonKeys['x5c'][] = self::base64url_encode(self::pem2der($keys['public_key']));
To
$jsonKeys['x5c'][] = base64_encode(self::pem2der($keys['public_key']));
Fixed
2.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Automatically closed - issue fixed for 2 weeks with no activity.