Merge pull request #6 from saleor/singature-verification-fixes

Fixing JWKS remove key resolving logic

package.json

@@ -41,6 +41,11 @@
       "import": "./middleware.mjs",
       "require": "./middleware.js"
     },
+    "./urls": {
+      "types": "./urls.d.ts",
+      "import": "./urls.mjs",
+      "require": "./urls.js"
+    },
     ".": {
       "types": "./index.d.ts",
       "import": "./index.mjs",

src/middleware.ts

@@ -97,7 +97,7 @@ export const withWebhookSignatureVerified = (
 
       const jwksKey = await jose.createRemoteJWKSet(
         new URL(jwksUrl(saleorDomain))
-      )(header, payloadSignature);
+      )(jose.decodeProtectedHeader(payloadSignature), jws);
 
       try {
         await jose.flattenedVerify(jws, jwksKey);