From 134ec39429dc90487f7a7f8bfe027192c065eee1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Bu=C3=9Fmann?=
Date: Thu, 13 Feb 2020 03:43:29 +0100
Subject: [PATCH] Fixed bug with usage of JSON web key set of apple
---
 CHANGELOG.md | 20 +++++++++++++++++++-
 src/Token/AppleAccessToken.php | 23 ++++++++++++++++++++---
 2 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1254b6c..d961195 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,7 @@
 # Changelog
 All Notable changes to `oauth2-apple` will be documented in this file
-## 0.3.0 - 201X-XX-XX
+## 0.3.0 - 202X-XX-XX
 ### Added
 - Nothing
@@ -18,6 +18,24 @@ All Notable changes to `oauth2-apple` will be documented in this file
 ### Security
 - Nothing
+## 0.2.1 - 2020-02-13
+
+### Added
+- Nothing
+
+### Deprecated
+- Nothing
+
+### Fixed
+- Handling of Apples JSON Web Key Set
+- Undefined index: code [#4](https://github.com/patrickbussmann/oauth2-apple/pull/4) (thanks to [Darlinkster](https://github.com/Darlinkster))
+
+### Removed
+- Nothing
+
+### Security
+- Nothing
+
 ## 0.2.0 - 2019-10-31
 ### Added
diff --git a/src/Token/AppleAccessToken.php b/src/Token/AppleAccessToken.php
index 8b840f5..8ef8179 100644
--- a/src/Token/AppleAccessToken.php
+++ b/src/Token/AppleAccessToken.php
@@ -26,9 +26,11 @@ class AppleAccessToken extends AccessToken
 /**
 * Constructs an access token.
 *
- * @param array $options An array of options returned by the service provider
+ * @param array $options An array of options returned by the service provider
 * in the access token request. The `access_token` option is required.
 * @throws InvalidArgumentException if `access_token` is not provided in `$options`.
+ *
+ * @throws \Exception
 */
 public function __construct(array $options = [])
 {
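Review bot: The added `@throws \Exception` tag in the constructor docblock has no description, so a caller cannot tell which failure it stands for. Something like `@throws \Exception if the id_token cannot be verified with any key from Apple's key set` would document what the new loop does. The same docblock still names `access_token` as the required option, while the only required-option check visible (in the next hunk) rejects a missing `id_token`; the text should match whichever is actually enforced. The constructor body continues outside this hunk.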
@@ -36,7 +38,22 @@ public function __construct(array $options = [])
 throw new InvalidArgumentException('Required option not passed: "id_token"');
 }
- $decoded = JWT::decode($options['id_token'], $this->getAppleKey(), ['RS256']);
+ $decoded = null;
+ $keys = $this->getAppleKey();
+ $last = end($keys);
+ foreach ($keys as $key) {
+ try {
+ $decoded = JWT::decode($options['id_token'], $key, ['RS256']);
+ break;
+ } catch (\Exception $exception) {
+ if ($last === $key) {
+ throw $exception;
+ }
+ }
+ }
+ if (null === $decoded) {
+ throw new \Exception('Got no data within "id_token"!');
+ }
 $payload = json_decode(json_encode($decoded), true);
 $options['resource_owner_id'] = $payload['sub'];
@@ -65,7 +82,7 @@ public function __construct(array $options = [])
 */
 protected function getAppleKey()
 {
- return JWK::parseKeySet(file_get_contents('https://appleid.apple.com/auth/keys'))['AIDOPK1'];
+ return JWK::parseKeySet(file_get_contents('https://appleid.apple.com/auth/keys'));
 }
 /**
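Review bot: The `catch (\Exception $exception)` in the new key loop of `__construct` treats every decode failure as "wrong key". A token that verifies under an earlier key but is expired or not yet valid is therefore retried against the remaining keys, and the caller can end up seeing the last key's signature error instead of the real reason. The loop also ignores the token's `kid` header, although the removed `['AIDOPK1']` lookup suggests the parsed set is indexed by key id; selecting `$keys[$kid]` and failing when no entry matches would verify against exactly one key. If the loop stays, narrow the catch to the library's signature-failure exception (in firebase/php-jwt that is `SignatureInvalidException`; confirm which JWT class is imported here). Nothing visible in this hunk checks the `iss` or `aud` claims before `$payload['sub']` becomes the resource owner id, and the constructor continues outside the hunk, so confirm that validation happens elsewhere.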
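Review bot: In `getAppleKey()` the result of `file_get_contents()` is passed straight to `JWK::parseKeySet()`, so a failed download hands `false` to the parser and the error the caller eventually sees says nothing about the key fetch. Assign the response to a variable and check it first, e.g. `if (false === $json) { throw new \Exception('Could not fetch the Apple key set'); }`. The method now returns the whole key set rather than a single key, so its docblock (which starts above this hunk) should describe the return value as an array of keys. The set is also downloaded every time a token is constructed; a short-lived cache and an explicit stream timeout are worth considering.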