jrd / django-oauth2-authcodeflow

Authenticate with any OpenId Connect/Oauth2 provider through authorization code flow. PKCE is also supported
https://pypi.org/project/django-oauth2-authcodeflow/
MIT License

Token authentication not working. Invalid audience #20

Closed Thierrynjike closed 2 months ago

Thierrynjike commented 8 months ago

I am using the package for openidconnect on my API and it works well. When I am trying to consume the API from the frontend, I always get the login form instead of the requested resource. I tried to test with postman to read the log and I see that the problem is with the audience retrieved from the token.

[Screenshot 2024-02-06 at 21:30:30]
cpontvieux-systra commented 2 months ago

The audience is your OIDC_RP_CLIENT_ID. The json web token is verified against the OIDC_RP_SIGN_ALGOS_ALLOWED which are ['HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512'] by default.

The JSON web token should then contain an AUD key, and it's the only key that is verified (ISS, SUB, IAT are not verified).

You see the direct error from the jwt python module: Invalid audience, which means that you probably provided the wrong OIDC_RP_CLIENT_ID in your configuration.
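The check described in the answer above, as an added stdlib-only illustration that is not the package's own code (the package delegates to the jwt module): the token's algorithm is checked against the allowed list, the signature is verified, and then only the aud claim is compared with the client id. The secret and claims below are constructed sample data; only the HS* algorithms are verifiable with a shared secret here.

```python
import base64
import hashlib
import hmac
import json

# Same default list the answer names; RS* entries need the provider's public key.
ALLOWED_ALGOS = ["HS256", "HS384", "HS512", "RS256", "RS384", "RS512"]
_HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs_token(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build an HMAC-signed JWT (constructed test data, not a real provider token)."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), _HMAC_DIGESTS[alg]).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes, client_id: str, allowed_algos=ALLOWED_ALGOS) -> dict:
    """Verify algorithm, signature and audience; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("Malformed token")
    header_b64, payload_b64, sig_b64 = parts
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg not in allowed_algos:
        raise ValueError(f"Algorithm not allowed: {alg}")
    if alg not in _HMAC_DIGESTS:
        raise ValueError(f"{alg} needs the provider's public key; not handled in this example")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), _HMAC_DIGESTS[alg]).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("Invalid signature")
    claims = json.loads(_b64url_decode(payload_b64))
    aud = claims.get("aud")
    if aud is None:
        raise ValueError("Token is missing the required claim: aud")
    # 'aud' may be one string or a list of audiences (RFC 7519 section 4.1.3);
    # the client id must be among them, otherwise the request must be rejected.
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("Invalid audience")
    return claims


def check_token(token: str, secret: bytes, client_id: str) -> str:
    """Return the verification error message, or 'ok' when the token is accepted."""
    try:
        verify_token(token, secret, client_id)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

Running `check_token` with the client id the token was issued for returns "ok"; with any other client id it returns "Invalid audience", the same symptom reported in this issue.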