From 129cd482662b3f2472fab8588bd09f94f20473f1 Mon Sep 17 00:00:00 2001
From: Tim McCormack
Date: Wed, 13 Jan 2021 17:19:37 +0000
Subject: [PATCH] Include security patch for pinning JWT signature algorithm in apple-id (#26059)

Extract from social-auth-core eed3007c4ccdbe959b1a3ac83102fe869d261948
---
 common/djangoapps/third_party_auth/appleid.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/common/djangoapps/third_party_auth/appleid.py b/common/djangoapps/third_party_auth/appleid.py
index 502a204dc3..7cb9f607bd 100644
--- a/common/djangoapps/third_party_auth/appleid.py
+++ b/common/djangoapps/third_party_auth/appleid.py
@@ -2,6 +2,10 @@
 # of social-core:
 # https://github.com/python-social-auth/social-core/blob/3.4.0/social_core/backends/apple.py
 #
+# Additional changes:
+#
+# - Patch for JWT algorithms specification: eed3007c4ccdbe959b1a3ac83102fe869d261948
+#
 # v3.4.0 is unreleased at this time (2020-07-28) and contains several necessary
 # bugfixes over 3.3.3 for AppleID, but also causes the
 # TestShibIntegrationTest.test_full_pipeline_succeeds_for_unlinking_testshib_account
@@ -171,7 +175,7 @@ class AppleIdAuth(BaseOAuth2):
 id_token,
 key=public_key,
 audience=self.get_audience(),
- algorithm='RS256',
+ algorithms=['RS256'],
 )
 except PyJWTError:
 raise AuthFailed(self, 'Token validation failed')
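Review bot: The `jwt.decode(...)` call in the second hunk now pins `algorithms=['RS256']` and checks `audience`, but the visible keyword arguments still do not pin the token issuer, so a correctly signed token from another issuer that happened to carry this audience would not be rejected here unless the enclosing method (whose body starts outside the hunk) checks `iss` separately; consider adding `issuer='https://appleid.apple.com',` alongside `audience=`. Since the whole purpose of the commit is to stop accepting tokens with an unexpected `alg`, it should ship with a regression test asserting that a token whose header names an algorithm other than RS256 raises `AuthFailed`; otherwise a future PyJWT upgrade or refactor can silently reintroduce the hole. A smaller point of style: the `except PyJWTError:` branch discards the underlying error, so `except PyJWTError as err:` / `raise AuthFailed(self, 'Token validation failed') from err` would keep the cause in logs without changing the exception callers see.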