fix: correct deprioritize_none_alg/1

Previously, it would return only two items: the first non-`none` algorithm, and `none`. This doesn't appear to be what we want: instead, we want the full list in their regular order, but with `none` at the end. Related to #297, as the root cause of the crash I was seeing was the the first algorithm in the authorizer's list wasn't supported by JOSE, so we went immediately to `none`.
erlef · Dec 7, 2023 · 2a53282 · 2a53282
1 parent 9bfc399
commit 2a53282
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/src/oidcc_authorization.erl b/src/oidcc_authorization.erl
@@ -273,14 +273,14 @@ essential_params(QueryParams) ->
 
 -spec deprioritize_none_alg(Algorithms :: [binary()]) -> [binary()].
 deprioritize_none_alg(Algorithms) ->
-    lists:usort(
+    {WithNone, WithoutNone} = lists:partition(
         fun
-            (<<"none">>, _B) -> false;
-            (_A, <<"none">>) -> true;
-            (_A, _B) -> true
+            (<<"none">>) -> true;
+            (_) -> false
         end,
         Algorithms
-    ).
+    ),
+    WithoutNone ++ WithNone.
 
 -spec random_string(Bytes :: pos_integer()) -> binary().
 random_string(Bytes) ->

diff --git a/test/oidcc_authorization_test.erl b/test/oidcc_authorization_test.erl
@@ -261,9 +261,9 @@ create_redirect_url_with_request_object_and_max_clock_skew_test() ->
         request_parameter_supported = true,
         request_object_signing_alg_values_supported = [
             <<"none">>,
+            <<"PS256">>,
             <<"HS256">>,
             <<"RS256">>,
-            <<"PS256">>,
             <<"ES256">>,
             <<"EdDSA">>
         ],