From cce6d43535da72cd244b18d8a42a8dbee5f0f955 Mon Sep 17 00:00:00 2001
From: KalleV <kvirtaneva@gmail.com>
Date: Fri, 1 Dec 2023 18:12:09 -0500
Subject: [PATCH] fix: reject client JSON Web Key Set `null` value (#1237)

Co-authored-by: Filip Skokan <panva.ip@gmail.com>
---
 lib/models/client.js                       | 2 +-
 test/configuration/client_metadata.test.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/models/client.js b/lib/models/client.js
index f985aaef8..15cd0b199 100644
--- a/lib/models/client.js
+++ b/lib/models/client.js
@@ -38,7 +38,7 @@ const fingerprint = (properties) => hash(properties, {
 
 const validateJWKS = (jwks) => {
   if (jwks !== undefined) {
-    if (!Array.isArray(jwks.keys) || !jwks.keys.every(isPlainObject)) {
+    if (!Array.isArray(jwks?.keys) || !jwks.keys.every(isPlainObject)) {
       throw new InvalidClientMetadata('client JSON Web Key Set is invalid');
     }
   }
diff --git a/test/configuration/client_metadata.test.js b/test/configuration/client_metadata.test.js
index be4071c98..a1d076163 100644
--- a/test/configuration/client_metadata.test.js
+++ b/test/configuration/client_metadata.test.js
@@ -1749,6 +1749,7 @@ describe('Client metadata validation', () => {
       rejects(this.title, { keys: [value] }, 'client JSON Web Key Set is invalid');
     });
     rejects('jwks', 'string', 'client JSON Web Key Set is invalid');
+    rejects('jwks', null, 'client JSON Web Key Set is invalid');
     rejects(this.title, {}, 'client JSON Web Key Set is invalid');
     rejects(this.title, 1, 'client JSON Web Key Set is invalid');
     rejects(this.title, 0, 'client JSON Web Key Set is invalid');