Merge pull request #652 from mridang/feat/jwt-kid-support

Author: pboling

.rubocop_gradual.lock

@@ -68,7 +68,7 @@
   "spec/oauth2/response_spec.rb:2248532534": [
     [3, 1, 31, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/response*_spec.rb`.", 3190869319]
   ],
-  "spec/oauth2/strategy/assertion_spec.rb:793170256": [
+  "spec/oauth2/strategy/assertion_spec.rb:3524328522": [
     [6, 1, 42, "RSpec/SpecFilePathFormat: Spec path should end with `o_auth2/strategy/assertion*_spec.rb`.", 3665690869]
   ],
   "spec/oauth2/strategy/auth_code_spec.rb:142083698": [

lib/oauth2/strategy/assertion.rb

@@ -95,7 +95,10 @@ def build_request(assertion, request_opts = {})
       def build_assertion(claims, encoding_opts)
         raise ArgumentError.new(message: "Please provide an encoding_opts hash with :algorithm and :key") if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any?
 
-        JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm])
+        headers = {}
+        headers[:kid] = encoding_opts[:kid] if encoding_opts.key?(:kid)
+
+        JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm], headers)
       end
     end
   end

spec/oauth2/strategy/assertion_spec.rb

@@ -164,6 +164,24 @@
             expect { client_assertion.get_token(claims, encoding_opts) }.to raise_error(ArgumentError, /encoding_opts/)
           end
         end
+
+        context "when including a Key ID (kid)" do
+          let(:algorithm) { "HS256" }
+          let(:key) { "new_secret_key" }
+          let(:kid) { "my_super_secure_key_id_123" }
+
+          before do
+            client_assertion.get_token(claims, algorithm: algorithm, key: key, kid: kid)
+            raise "No request made!" if @request_body.nil?
+          end
+
+          it_behaves_like "encodes the JWT"
+
+          it "includes the kid in the JWT header" do
+            expect(header).not_to be_nil
+            expect(header["kid"]).to eq(kid)
+          end
+        end
       end
     end