nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0
454 stars 321 forks

JWT Tokens not valid because "token is not valid yet" #59

Closed philbarr closed 5 years ago

philbarr commented 6 years ago

My IdP (Azure AD) is sending me tokens with a timestamp that are too different from the nginx timestamp and are being rejected by the lua-resty-openidc library.

The lua-resty-openidc library has an option "iat_slack" that you can set to get around these timestamp differences. You're supposed to be able to set this option in your nginx conf, but any attempt I've made hasn't worked (I'm a complete noob at nginx, lua, kong, oidc!)

For the time being, I've changed line 106 in openidc.lua from: local slack=opts.iat_slack and opts.iat_slack or 120 to local slack=opts.iat_slack and opts.iat_slack or 700 ... and this works. But it is clearly far from ideal.

Please could someone either:

Thanks for any help

philbarr commented 5 years ago

You can add the slack to the config like this in M.get_options() in utils.lua

return {
  ....other...configs....  ,
  iat_slack=config.slack,
}

and that iat_slack value won't be used by kong-oidc but will be passed through to openidc and used. Then you can add that config like you would any other config.

When I get a chance I'll submit a PR (unless someone shouts at me not to)
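The behaviour discussed in this thread, as an added example that is not part of the issue or of kong-oidc / lua-resty-openidc: a stand-alone reimplementation of the "iat plus slack" check (default 120 s, as quoted from openidc.lua above) next to a hypothetical get_options-style pass-through of config.slack, run against a constructed token whose IdP clock is five minutes ahead of the gateway.

```python
import time
from typing import Optional, Tuple

# Library default quoted in the issue ("opts.iat_slack or 120"), in seconds.
DEFAULT_IAT_SLACK = 120


def check_iat(claims: dict, now: int, iat_slack: Optional[int] = None) -> Tuple[bool, str]:
    """Mirror of the check that produces "token is not valid yet":
    the token's iat may not lie more than `slack` seconds in the future
    relative to the gateway clock. Returns (accepted, reason)."""
    slack = iat_slack if iat_slack is not None else DEFAULT_IAT_SLACK
    iat = claims.get("iat")
    if iat is None:
        return False, "token has no iat claim"
    if iat > now + slack:
        return False, "token is not valid yet"
    return True, "ok"


def kong_options(config: dict) -> dict:
    """Hypothetical analogue of M.get_options() in utils.lua: the plugin does not
    use iat_slack itself, it only forwards config.slack when it is set."""
    opts = {"client_id": config["client_id"]}
    if config.get("slack") is not None:
        opts["iat_slack"] = config["slack"]
    return opts


# Constructed sample: the IdP's clock runs 300 s ahead of the nginx host,
# so the token's iat is already in the gateway's "future".
NOW = 1_600_000_000
SKEWED_CLAIMS = {"sub": "user@example.test", "iat": NOW + 300, "exp": NOW + 3900}


def demo() -> Tuple[Tuple[bool, str], Tuple[bool, str]]:
    default = check_iat(SKEWED_CLAIMS, NOW)            # 300 > 120: rejected
    opts = kong_options({"client_id": "kong", "slack": 700})
    widened = check_iat(SKEWED_CLAIMS, NOW, opts.get("iat_slack"))  # 300 <= 700: accepted
    return default, widened


if __name__ == "__main__":
    print(demo())
```

Widening the slack only papers over the skew: every extra second of slack is a second longer that a token with a future iat is accepted, so keeping the gateway and IdP clocks NTP-synchronised and leaving slack near the default is the more robust fix.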

Trojan295 commented 5 years ago

I believe you would need to add a config parameter like in this PR https://github.com/nokia/kong-oidc/pull/62.

philbarr commented 5 years ago

Thanks trojan295, I ended up forking this to add my own specific params like this, because I also had issues with ADFS. If anyone is interested, I called it kong-oidc-adfs, packaged it and uploaded it to luarocks.

Trojan295 commented 5 years ago

So can I close it?

philbarr commented 5 years ago

The fix is pretty simple as it turns out. I can do it this weekend and submit a PR for review if you prefer?

Trojan295 commented 5 years ago

Sure, go ahead!

Trojan295 commented 5 years ago

Closing