From a43edc28d7ebdfc350317811efbd6d9081472d02 Mon Sep 17 00:00:00 2001
From: Tim Wellbrock <25177907+twellck@users.noreply.github.com>
Date: Tue, 14 May 2024 18:38:01 +1000
Subject: [PATCH] Added support for the kid token header in the JWKsController

---
 src/Laravel/JwksController.php | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/src/Laravel/JwksController.php b/src/Laravel/JwksController.php
index 7fcd444..2f980e9 100644
--- a/src/Laravel/JwksController.php
+++ b/src/Laravel/JwksController.php
@@ -12,15 +12,22 @@ public function __invoke() {
         // Source: https://www.tuxed.net/fkooman/blog/json_web_key_set.html
         $keyInfo = openssl_pkey_get_details(openssl_pkey_get_public($publicKey));
 
+        $passportJWK = [
+            'alg' => 'RS256',
+            'kty' => 'RSA',
+            'use' => 'sig',
+            'n' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['n'])), '='),
+            'e' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['e'])), '='),
+        ];
+
+        // Adds the kid if it is set in the config's token_headers
+        if ($kid = config('openid.token_headers.kid', false)) {
+            $passportJWK['kid'] = $kid;
+        }
+
         $jsonData = [
             'keys' => [
-                [
-                    'alg' => 'RS256',
-                    'kty' => 'RSA',
-                    'use' => 'sig',
-                    'n' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['n'])), '='),
-                    'e' => rtrim(str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['e'])), '='),
-                ],
+                $passportJWK,
             ],
         ];