authts / oidc-client-ts

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
https://authts.github.io/oidc-client-ts/
Apache License 2.0
1.35k stars 202 forks

Error: auth_time in id_token does not match original auth_time #1111

Open phlegx opened 1 year ago

phlegx commented 1 year ago

Hi!

I get this error after signinSilent. The auth_time seems ok. Any idea why this error is thrown?

Error: auth_time in id_token does not match original auth_time

Best regards

pamapa commented 1 year ago

auth_time from the spec: Time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. When a max_age request is made or when auth_time is requested as an Essential Claim, then this Claim is REQUIRED; otherwise, its inclusion is OPTIONAL. (The auth_time Claim semantically corresponds to the OpenID 2.0 PAPE [OpenID.PAPE] auth_time response parameter.)

apliez commented 3 months ago

Hi,

I have the exact same problem. Do you have a solution to solve it? I see that auth.user.profile.auth_time is undefined in my case, but I don't know if this is linked to this error.

Best regards,

pamapa commented 3 months ago

Which version are you using? auth_time has been some time ago. See https://github.com/authts/oidc-client-ts/releases/tag/v2.2.4
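
Added example, not part of the thread and not oidc-client-ts code: a diagnostic helper that decodes the original and the silently renewed ID token and classifies how their auth_time claims differ, including the undefined case mentioned above. It assumes the error comes from comparing auth_time across those two tokens; `decodeClaims`, `compareAuthTime` and `sampleToken` are hypothetical names, and the sample tokens are constructed.

```javascript
// Diagnostic only: reads claims without verifying the signature.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected a compact JWT with 3 segments");
  let b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  b64 = b64.padEnd(b64.length + ((4 - (b64.length % 4)) % 4), "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Classify how auth_time differs between the ID token from the interactive
// sign-in and the one returned by a silent renew.
function compareAuthTime(originalIdToken, renewedIdToken) {
  const before = decodeClaims(originalIdToken).auth_time;
  const after = decodeClaims(renewedIdToken).auth_time;
  // The spec defines auth_time as a JSON number (seconds since the epoch).
  for (const [name, value] of [["original", before], ["renewed", after]]) {
    if (value !== undefined && typeof value !== "number") {
      return { status: "invalid-type", detail: `${name} auth_time is a ${typeof value}` };
    }
  }
  if (before === undefined && after === undefined) {
    return { status: "both-absent", detail: "provider sends no auth_time (claim is optional)" };
  }
  if (after === undefined) {
    return { status: "renewed-absent", detail: "renewed token dropped auth_time" };
  }
  if (before === undefined) {
    return { status: "original-absent", detail: "only the renewed token carries auth_time" };
  }
  if (before !== after) {
    return { status: "mismatch", detail: `differs by ${after - before}s` };
  }
  return { status: "match", detail: `auth_time ${after}` };
}

// Constructed sample tokens (placeholder signature, not real provider output).
function sampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}

const original = sampleToken({ sub: "user-1", auth_time: 1700000000 });
const renewed = sampleToken({ sub: "user-1", auth_time: 1700003600 });
console.log(compareAuthTime(original, renewed));
```

A "mismatch" result means the provider reported a different authentication time on renew, while the "absent" results correspond to a provider that omits the optional claim.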