1 files changed, 10 insertions(+), 0 deletions(-)

M src/RS256/PublicKey.php

@@ 83,6 83,16 @@ class PublicKey implements PublicKeyInterface
     {
         $jwkData = Json::decode($jwkString);
 
+        // The "kty" value is a case-sensitive string.  This
+        // member MUST be present in a JWK.
+        if (!array_key_exists('kty', $jwkData)) {
+            throw new KeyException('missing "kty" field in JWK');
+        }
+        //  o  The parameter "kty" MUST be "RSA".
+        if ('RSA' !== $jwkData['kty']) {
+            throw new KeyException('"kty" field MUST contain `RSA`');
+        }
+
         return new self(
             Pem::rsaPublicParamsToPem(
                 Base64UrlSafe::decode(self::requireJwkString($jwkData, 'n')),