JWT Authentication with JWKS does not pass the Algorithm on

[Tyqo]

Description

So in the JwtAuthenticator on line 154 the key-set is getting decoded with out the option of setting the algorithm.
It uses Firebase\JWT\JWK which assumes that if no algorithm is passed that no algorithm will be used for decoding.
After editing the line as followed, everything worked:

$keySet = JWK::parseKeySet($jsonWebKeySet, $this->getConfig('algorithm'));

CakePHP Version

5.0.9

PHP Version

8.1

[ADmad]

It uses Firebase\JWT\JWK which assumes that if no algorithm is passed that no algorithm will be used for decoding.

I don't think that's accurate. The 2nd argument of JWK::parseKeySet() is the defult algo, which is used when a key in the keyset doesn't not specify an algo. If both are unset then an exception is thrown https://github.com/firebase/php-jwt/blob/76808fa227f3811aa5cdb3bf81233714b799a5b5/src/JWK.php#L106-L107.