argoproj / argo-workflows

Workflow Engine for Kubernetes
https://argo-workflows.readthedocs.io/
Apache License 2.0

SSO with Jumpcloud `email_verified` causes failure to authenticate #12257

Closed sastie-rai closed 9 months ago

sastie-rai commented 11 months ago

What happened/what you expected to happen?

I have tried to set up Jumpcloud as the OIDC provider. When one sets the email profile in Jumpcloud, the attributes email (dynamic) and email_verified (statically set to true) are added. Attempting to log in in this scenario causes the following error to occur upon callback:

```
time="2023-11-24T18:22:44.257Z" level=error msg="failed to get claims from the id token" error="json: cannot unmarshal string into Go struct field claimAlias.email_verified of type bool"
```

Removing email_verified from the list of attributes solves the issue. I have tried the following values for email_verified: 1, true, TRUE, True, but they all fail equally.

Version

latest

Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflow that uses private images.

N/A

Logs from the workflow controller

N/A

Logs from your workflow's wait container

N/A

sastie-rai commented 11 months ago

For what it's worth the token containing email_verified is structured as such:

```json
{
  "at_hash": "IaBzhHBZWZNMxA0Kna-B2g",
  "aud": ["111e31ee-3d45-454a-9e58-0b81882f88ae"],
  "auth_time": 1700868115,
  "email": "XXXX@xxxx.com",
  "email_verified": "true",
  "exp": 1700871716,
  "family_name": "XXX",
  "given_name": "xxx",
  "iat": 1700868116,
  "iss": "https://oauth.id.jumpcloud.com/",
  "jti": "71baeee8-20a5-43e7-87ef-4fa778096f87",
  "memberOf": "Mygroup",
  "middle_name": "",
  "name": "xxx xxx",
  "nonce": "KXYWLHyhKrib4c2j7AjzwbyKSQT2j1FJAk4bUmlSOog",
  "preferred_username": "xxx",
  "rat": 1700868109,
  "sid": "16af17d4-b3c8-4b52-9baa-313d08d86186",
  "sub": "645d81be4445cb3a09aee615"
}
```

I would also add that argocd sso implementation with this external OIDC setup works fine.
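
The decode failure reported above, next to one tolerant way to read the claim, as an added Go example that is not part of the original posts and is not Argo Workflows' own code. `flexBool`, `parseStrict` and `parseTolerant` are hypothetical names, and the payload is constructed and reduced to the one claim at issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// flexBool (hypothetical name) decodes a JSON bool or a string holding one.
type flexBool bool

func (b *flexBool) UnmarshalJSON(data []byte) error {
	var v bool
	if err := json.Unmarshal(data, &v); err == nil { // true, false or null
		*b = flexBool(v)
		return nil
	}
	var s string
	if err := json.Unmarshal(data, &s); err != nil {
		return fmt.Errorf("email_verified: want bool or string, got %s", data)
	}
	v, err := strconv.ParseBool(s) // "true", "TRUE", "1", ...; v is false on error
	*b = flexBool(v)
	return err // unparseable text is rejected, never treated as verified
}

// parseStrict decodes into a plain bool, the shape behind the reported error.
func parseStrict(payload []byte) (bool, error) {
	var c struct {
		EmailVerified bool `json:"email_verified"`
	}
	err := json.Unmarshal(payload, &c)
	return c.EmailVerified, err
}

// parseTolerant decodes the same claim through flexBool.
func parseTolerant(payload []byte) (bool, error) {
	var c struct {
		EmailVerified flexBool `json:"email_verified"`
	}
	err := json.Unmarshal(payload, &c)
	return bool(c.EmailVerified), err
}

func main() {
	sample := []byte(`{"email_verified":"true"}`) // constructed payload
	_, strictErr := parseStrict(sample)
	v, err := parseTolerant(sample)
	fmt.Println("strict:", strictErr, "| tolerant:", v, err)
}
```

The tolerant decoder fails closed: a value that is neither a boolean nor a boolean-like string returns an error with the claim left false.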