Comments (11)
#68 solves the problem, but we must reintroduce signature verification again later.
from omniauth_openid_connect.
I believe nov/json-jwt#92 is the proper fix for this issue.
from omniauth_openid_connect.
I also ran into this issue today, going to revert to 0.3.3 for now
from omniauth_openid_connect.
I think I found the problem:
`::OpenIDConnect::ResponseObject::IdToken.decode(id_token, public_key)`
`public_key` is a JWT-encoded array of dicts, where each dict represents one key containing a key id. `id_token` is also an array of dicts. There must be the key id `kid` named in the `id_token`.
from omniauth_openid_connect.
Hi,
I just ran into this same issue while using 0.3.3
...
Does that make sense to you? Could it be not related to this issue?
I have pretty much the same stacktrace as @tobiashuste
from omniauth_openid_connect.
> Hi,
> I just ran into this same issue while using 0.3.3
> ...
> Does that make sense to you? Could it be not related to this issue?
> I have pretty much the same stacktrace as @tobiashuste

No, this must be something else. Is there an error "KidNotFound"?
from omniauth_openid_connect.
yep, same stacktrace as the one posted up there..
from omniauth_openid_connect.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from omniauth_openid_connect.
We solved this issue on our Gitlab instance by switching the ID token signature method to RS256 instead of HS256 in our OP configuration.
It is normal for JWT signed with HS* to not have a `kid` because they are unambiguously signed by the client secret in the context of OpenID Connect. The lack of `kid` should not be a fatal error.
from omniauth_openid_connect.
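Added example, not part of the thread and not code from omniauth_openid_connect or json-jwt: key selection as the comment above describes it, where an HS* ID token is verified with the client secret and needs no `kid`, while an RS* token looks its key up by `kid`. The names `verification_key`, `verify_id_token`, `sample_token`, the local `KidNotFound` class and the `{ kid => key }` hash standing in for a JWKS are assumptions made for illustration.

```ruby
%w[openssl base64 json].each { |lib| require lib }

class KidNotFound < StandardError; end # local stand-in, not the gem's class

# Pick the key from the algorithm registered for this client, never from the token
# header alone. jwks is a simplified stand-in: { kid => OpenSSL::PKey::RSA public key }.
def verification_key(header, expected_alg:, client_secret:, jwks:)
  raise ArgumentError, 'unexpected alg' unless header['alg'] == expected_alg
  case expected_alg
  when /\AHS(256|384|512)\z/
    client_secret # symmetric: the key is unambiguous, so a missing kid is fine
  when /\ARS(256|384|512)\z/
    kid = header['kid']
    return jwks.fetch(kid) { raise KidNotFound, kid } if kid
    raise KidNotFound, 'no kid and several candidate keys' unless jwks.size == 1
    jwks.values.first
  else
    raise ArgumentError, 'unsupported alg'
  end
end

def same_bytes?(a, b) # constant-time comparison for the HMAC tag
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims hash if the signature verifies, nil otherwise.
def verify_id_token(token, **key_opts)
  h64, p64, s64 = token.split('.')
  header = JSON.parse(Base64.urlsafe_decode64(h64))
  key = verification_key(header, **key_opts)
  digest = "SHA#{header['alg'][2..]}"
  input = "#{h64}.#{p64}"
  sig = Base64.urlsafe_decode64(s64)
  ok = if key.is_a?(String)
         same_bytes?(OpenSSL::HMAC.digest(digest, key, input), sig)
       else
         key.verify(digest, sig, input)
       end
  ok ? JSON.parse(Base64.urlsafe_decode64(p64)) : nil
end

# Builds a constructed sample token (HS* with a String key, RS* with an RSA key).
def sample_token(header, claims, key)
  input = [header, claims].map { |h| Base64.urlsafe_encode64(h.to_json, padding: false) }.join('.')
  digest = "SHA#{header['alg'][2..]}"
  sig = key.is_a?(String) ? OpenSSL::HMAC.digest(digest, key, input) : key.sign(digest, input)
  "#{input}.#{Base64.urlsafe_encode64(sig, padding: false)}"
end
```

Pinning `expected_alg` to the client's registered value is what keeps the kid-less HS* path from accepting a token when the client is configured for RS*.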
Got some feedback from the json-jwt maintainer, and this is another attempt at fixing this issue: #91
from omniauth_openid_connect.
@stanhu Is the fix you provided for this issue in #91 or nov/json-jwt#92 expected to get merged & released? Both maintainers don't seem very willing nor active 😦
Should we switch to the Gitlab fork? In case of the latter, is there any Omniauth 2.x support planned for that fork?
from omniauth_openid_connect.