From 7af23f35baf6edc0548d9124e8ea1526d26c4f0e Mon Sep 17 00:00:00 2001
From: Scott Boone <scott.boone@8x8.com>
Date: Wed, 18 Aug 2021 11:54:50 -0700
Subject: [PATCH] added comment for future proofing

---
 resources/prosody-plugins/token/util.lib.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/resources/prosody-plugins/token/util.lib.lua b/resources/prosody-plugins/token/util.lib.lua
index 546cd80fa9..a9cc06a158 100644
--- a/resources/prosody-plugins/token/util.lib.lua
+++ b/resources/prosody-plugins/token/util.lib.lua
@@ -274,7 +274,7 @@ function Util:process_and_verify_token(session, acceptedIssuers)
         if alg == nil then
             return false, "not-allowed", "'alg' claim is missing";
         end
-        if alg.sub(alg,1,2) ~= "RS" then
+        if alg.sub(alg,1,2) ~= "RS" then -- do not remove - needed to protect jwt.decode in verify_token
             return false, "not-allowed", "'kid' claim only support with RS family";
         end
         pubKey = self:get_public_key(kid);