Require jti claim on logout token

samuelwei · samuelwei · commit 8de45e3935d4 · 2025-06-24T12:56:53.000+02:00
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -634,7 +634,7 @@ public function verifyLogoutTokenClaims(object $claims): bool
                 ]
             );
 
-            $claimCheckerManager->check((array)$claims, ['aud', 'iss', 'iat', 'exp', 'events']);
+            $claimCheckerManager->check((array)$claims, ['aud', 'iss', 'iat', 'exp', 'events', 'jti']);
 
         } catch (MissingMandatoryClaimException | InvalidClaimException) {
             return false;

Original file line number	Diff line number	Diff line change
`@@ -634,7 +634,7 @@ public function verifyLogoutTokenClaims(object $claims): bool`
`634`	`634`	`]`
`635`	`635`	`);`
`636`	`636`
`637`		`- $claimCheckerManager->check((array)$claims, ['aud', 'iss', 'iat', 'exp', 'events']);`
	`637`	`+ $claimCheckerManager->check((array)$claims, ['aud', 'iss', 'iat', 'exp', 'events', 'jti']);`
`638`	`638`
`639`	`639`	`} catch (MissingMandatoryClaimException \| InvalidClaimException) {`
`640`	`640`	`return false;`