Item14922: OpenIDLoginContrib - Can't use string as a hash
Priority: Enhancement
Current State: New
Released In: n/a
Target Release:
Hello

When using the OpenIDLoginContrib with a Keycloak OpenID Connect Provider it failed with the following:

Can't use string ("{"jti":"2e7138d8-9516-436b-882b-"...) as a HASH ref while "strict refs" in use

The Perl code calls Crypt::JWT::decode_jwt. The above problem was solved by forcing the call to return a scalar and then converting it to a hash:
diff -u OpenIDConnect.pm.orig OpenIDConnect.pm
--- OpenIDConnect.pm.orig 2020-06-05 16:00:34.000000001 +0200
+++ OpenIDConnect.pm 2020-06-05 16:09:37.000000001 +0200
@@ -136,14 +136,16 @@
my $header = JSON::decode_json(MIME::Base64::decode($parts[0]));
my $kid = $header->{'kid'};
- my $data = '';
+ my $data;
+ my $dataScalar = '';
# This looks through all the public keys we got via the discovery document to find the one
# that was used to sign the id token.
foreach my $key (@$keys) {
if ($key->{'kid'} eq $kid) {
eval {
- $data = Crypt::JWT::decode_jwt(token=>$id_token, key=>$key);
+ $dataScalar = Crypt::JWT::decode_jwt(token=>$id_token, key=>$key,decode_payload=>0); # force return of a scalar
+ $data = JSON::decode_json($dataScalar); # now convert to perl hash
};
if ($@) {
Foswiki::Func::writeDebug("OpenIDLoginContrib: JWT ID token verification failed: " . $@);
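Review bot: on the "my $data;" line the initial value changes from '' to undef, so when no key matches the kid or the eval fails, any later test of $data against the empty string now sees undef; either keep "my $data = '';" or check the uses after the loop. $dataScalar is only read inside the eval, so it can be declared there with "my" instead of at function scope. Because JSON::decode_json now runs inside the same eval as decode_jwt, a payload that is not valid JSON is logged as "JWT ID token verification failed"; a separate debug message for the parse step would keep signature failures and payload parse failures distinguishable in the log.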
--
LlewelynJones - 10 Jun 2020