Unable to authenticate without kid in JWK and JWTs

**Describe the bug**
The [RFC7515](https://datatracker.ietf.org/doc/html/rfc7515#page-11) and [RFC7517](https://datatracker.ietf.org/doc/html/rfc7517#page-8) all deems the `kid` field as optional, but this plugin is unable to authenticate when `kid` is not present on the JWT and JWKS. 

**To Reproduce**
Steps to reproduce the behavior:
1. Use this plugin to login via a provider that does not have a `kid`. 
2. Set up JWKS url, and it fails.
3. Remove JWKS url, and it restores.

**Screenshots**
If applicable, add screenshots to help explain your problem.
White screen, with URL saying authentication failed. 

**Expected behavior**
A clear and concise description of what you expected to happen.
The plugin should assume the first key available, or try all keys.

**Isolating the problem (mark completed items with an [x]):**
- [x] I have deactivated other plugins and confirmed this bug occurs when only this plugin is active.
- [x] This bug happens with a default WordPress theme active.
- [x] I can reproduce this bug consistently using the steps above.

**WordPress Environment**
- Website URL: https://winterco.org/
- PHP Version: 8.4.11
- WordPress Version: 6.9.1
- Plugin Version: 3.11.3
- Identity Provider: https://seat.winterco.org
- Relevant Plugin Settings: JWKS URI. https://seat.winterco.org/.well-known/jwks


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unable to authenticate without kid in JWK and JWTs #656

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Unable to authenticate without kid in JWK and JWTs #656

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions