Open saivisal1 opened 4 years ago
I hit this - it looks like there has been a change to KeyCloak recently, and it doesn't map the client ID into the auth field of the token by default any more. The solution for me was to add a mapper that maps the client ID into the audience claim (more here: https://stackoverflow.com/questions/53550321/keycloak-gatekeeper-aud-claim-and-client-id-do-not-match)
I also faced a similar issue today; I passed the audience with the decode call.
@MohiuddinSumon would you have an example on how to provide the audience in the decode call?
@lucj what I finally ended up doing was something like this:
```python
# Keep signature and expiry checks, but skip the audience check
options = {"verify_signature": True, "verify_aud": False, "exp": True}
return keycloak_instance.decode_token(given_token, key=given_key, options=options)
```
Setting verify_aud to false was sufficient for my case.
Thanks @MohiuddinSumon I'm using the same.
same issue with latest keycloak
same issue with latest keycloak
Have you managed to solve it?
> same issue with latest keycloak
> Have you managed to solve it?
Yes, a few weeks ago:
I added a token mapper (with type Audience) to the dedicated scope of my client.
Clients > Your client > Client scopes > your-client-dedicated > Add mapper > by configuration > Audience.
Add a name of the mapper, select your client on the select box and enable "Add to access token".
Your client should now be in the "aud" field of the access token.
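To make concrete what the mapper changes and what `verify_aud: False` gives up, here is an added, self-contained example (not code from python-keycloak, python-jose or this thread). It mints three constructed access tokens with a made-up HS256 shared secret standing in for Keycloak's realm signing key (`SECRET`, `CLIENT_ID`, the issuer URL and the default `"account"` audience are all assumptions for the demo) and runs them through a minimal `decode_token` that checks the signature, `exp` and `aud` the way the traceback in this thread shows python-jose doing it, i.e. the expected audience is the client ID and `aud` may be either a string or a list. The "other client" case shows why disabling the audience check is risky: a valid token issued for a different client is then accepted by this service.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: a shared HMAC secret stands in for the realm key,
# and the client ID is the audience our service expects to find in the token.
SECRET = b"example-shared-secret-not-a-real-key"
CLIENT_ID = "my-client"


class TokenError(Exception):
    """Raised for any verification failure (signature, expiry, audience)."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Mint a compact HS256 JWT for the given claims (constructed test data only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_token(token: str, secret: bytes, audience: str, verify_aud: bool = True) -> dict:
    """Verify signature, expiry and (optionally) audience, then return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header blindly
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if int(claims.get("exp", 0)) <= time.time():
        raise TokenError("token expired")
    if verify_aud:
        # aud is a string or a list; the expected audience must be one of the entries
        aud = claims.get("aud")
        audiences = [aud] if isinstance(aud, str) else list(aud or [])
        if audience not in audiences:
            raise TokenError("Invalid audience")
    return claims


def demo() -> dict:
    """Return the verification outcome for each constructed token."""
    now = int(time.time())
    base = {"iss": "https://keycloak.example/realms/demo", "exp": now + 300, "azp": CLIENT_ID}
    tokens = {
        # Keycloak without the audience mapper: only the default "account" audience
        "no_mapper": make_token({**base, "aud": "account"}),
        # With the Audience mapper from the steps above: our client ID is added to aud
        "with_mapper": make_token({**base, "aud": ["account", CLIENT_ID]}),
        # A valid token issued to a different client of the same realm
        "other_client": make_token({**base, "azp": "other-client", "aud": "other-client"}),
        # A token whose payload was altered after signing
        "tampered": make_token({**base, "aud": [CLIENT_ID]})[:-8] + "AAAAAAAA",
    }
    results = {}
    for name, tok in tokens.items():
        try:
            decode_token(tok, SECRET, CLIENT_ID)
            results[name] = "ok"
        except TokenError as exc:
            results[name] = str(exc)
    # Same "other client" token with the audience check switched off
    try:
        decode_token(tokens["other_client"], SECRET, CLIENT_ID, verify_aud=False)
        results["other_client_verify_aud_off"] = "ok"
    except TokenError as exc:
        results["other_client_verify_aud_off"] = str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The `no_mapper` token fails with "Invalid audience" exactly like the traceback further down in this thread, the `with_mapper` token passes, and the `other_client` token is rejected only while the audience check is on. Since python-keycloak passes its own `client_id` as the expected audience (visible in the traceback), adding the client itself via the Audience mapper is the fix that keeps the check enabled.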
Thank you!
I am trying to decode the token using

```python
token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
```

KEYCLOAK_PUBLIC_KEY

```
-----BEGIN PUBLIC KEY-----\n xxxx xxxx \n-----END PUBLIC KEY-----
```

options

```python
{'exp': True, 'verify_signature': False, 'verify_aud': True}
```

Error

```
>>> token_info = keycloak_openid.decode_token(token['access_token'], key=KEYCLOAK_PUBLIC_KEY, options=options)
Traceback (most recent call last):
  File "", line 1, in
  File "/venv/lib/python3.5/site-packages/keycloak/keycloak_openid.py", line 346, in decode_token
    audience=self.client_id, **kwargs)
  File "/venv/lib/python3.5/site-packages/jose/jwt.py", line 172, in decode
    options=defaults)
  File "/venv/lib/python3.5/site-packages/jose/jwt.py", line 495, in _validate_claims
    _validate_aud(claims, audience=audience)
  File "/venv/lib/python3.5/site-packages/jose/jwt.py", line 357, in _validate_aud
    raise JWTClaimsError('Invalid audience')
jose.exceptions.JWTClaimsError: Invalid audience
```