From 0e1eb8f1e14ab021f03415ad3f84d57f18724506 Mon Sep 17 00:00:00 2001
From: Tomasz Magulski <tomasz.magulski@saleor.io>
Date: Thu, 7 Jul 2022 13:17:19 +0200
Subject: [PATCH] Fixing JWKS remove key resolving logic

---
 package.json      | 5 +++++
 src/middleware.ts | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 6cfb5fd..4eac42c 100644
--- a/package.json
+++ b/package.json
@@ -41,6 +41,11 @@
       "import": "./middleware.mjs",
       "require": "./middleware.js"
     },
+    "./urls": {
+      "types": "./urls.d.ts",
+      "import": "./urls.mjs",
+      "require": "./urls.js"
+    },
     ".": {
       "types": "./index.d.ts",
       "import": "./index.mjs",
diff --git a/src/middleware.ts b/src/middleware.ts
index ef6540b..8fec4f2 100644
--- a/src/middleware.ts
+++ b/src/middleware.ts
@@ -97,7 +97,7 @@ export const withWebhookSignatureVerified = (
 
       const jwksKey = await jose.createRemoteJWKSet(
         new URL(jwksUrl(saleorDomain))
-      )(header, payloadSignature);
+      )(jose.decodeProtectedHeader(payloadSignature), jws);
 
       try {
         await jose.flattenedVerify(jws, jwksKey);