verifies algorithm before evaluating keyfinder

lib/jwt/decode.rb

@@ -33,12 +33,12 @@ def decode_segments
     private
 
     def verify_signature
-      @key = find_key(&@keyfinder) if @keyfinder
-      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
-
       raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms.empty?
       raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless options_includes_algo_in_header?
 
+      @key = find_key(&@keyfinder) if @keyfinder
+      @key = ::JWT::JWK::KeyFinder.new(jwks: @options[:jwks]).key_for(header['kid']) if @options[:jwks]
+
       Signature.verify(header['alg'], @key, signing_input, @signature)
     end
 

spec/jwt_spec.rb

@@ -299,6 +299,16 @@
         end.not_to raise_error
       end
 
+      it 'should raise JWT::IncorrectAlgorithm on mismatch prior to kid public key network call' do
+        token = JWT.encode payload, data[:rsa_private], 'RS256'
+
+        expect do
+          JWT.decode(token, nil, true, { algorithms: ['RS384'] }) do |_,_|
+            # unsuccessful keyfinder public key network call here
+          end
+        end.to raise_error JWT::IncorrectAlgorithm
+      end
+
       it 'should raise JWT::IncorrectAlgorithm when algorithms array does not contain algorithm' do
         token = JWT.encode payload, data[:secret], 'HS512'