Merge pull request #276 from azmeuk/expected-at-hash-fix

verifyJWTclaims: fixed an exception when $accessToken is null
jumbojett · Nov 20, 2021 · 131e7f9 · 131e7f9
2 parents e44e56c + eaeb520
commit 131e7f9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -1004,7 +1004,7 @@ protected function verifyJWTclaims($claims, $accessToken = null) {
             && ($claims->nonce === $this->getNonce())
             && ( !isset($claims->exp) || ((gettype($claims->exp) === 'integer') && ($claims->exp >= time() - $this->leeway)))
             && ( !isset($claims->nbf) || ((gettype($claims->nbf) === 'integer') && ($claims->nbf <= time() + $this->leeway)))
-            && ( !isset($claims->at_hash) || $claims->at_hash === $expected_at_hash )
+            && ( !isset($claims->at_hash) || !isset($accessToken) || $claims->at_hash === $expected_at_hash )
         );
     }