fix: use issuer URL from openid configuration

yiisoft · Apr 7, 2023 · abb4b81 · abb4b81
1 parent eb5d09d
commit abb4b81
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/OpenIdConnect.php b/src/OpenIdConnect.php
@@ -512,7 +512,8 @@ protected function loadJws($jws)
      */
     protected function validateClaims(array $claims)
     {
-        if (!isset($claims['iss']) || (strcmp(rtrim($claims['iss'], '/'), rtrim($this->issuerUrl, '/')) !== 0)) {
+        $expectedIssuer = $this->getConfigParam('issuer', $this->issuerUrl);
+        if (!isset($claims['iss']) || (strcmp(rtrim($claims['iss'], '/'), rtrim($expectedIssuer, '/')) !== 0)) {
             throw new HttpException(400, 'Invalid "iss"');
         }
         if (!isset($claims['aud'])