Closed manudeep96 closed 4 years ago
Please include the “kid” values and your tenant ID. Thank you.
Also the id token values. You can get the jwt from the error object.
RPError: no valid key found in issuer's jwks_uri for key parameters {"kid":"TduEWfDS_XG7693V9CSicOeRqbg","alg":"RS256"}
I got the same error with this common end-point. https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
@manudeep96 if you're discovering https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration which leads to https://login.microsoftonline.com/common/discovery/v2.0/keys and get an ID Token with kid header parameter TduEWfDS_XG7693V9CSicOeRqbg, that's a problem you should raise with AAD. openid-client is doing all as it should, it looks at the JWT header, downloads the keys from a location that was discovered, attempts to look up one based on the JWT header, not found, throw. No bug in sight here.
Thanks. That made me read some Azure docs and I realized my app had custom signing keys as a result of the claims mapping feature and the discovery endpoint needed appid as a parameter for me to get the right jwks_uri.
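The lookup described in the reply above and the appid fix from the closing comment, as an added diagnostic example (not part of the thread and not openid-client's own code). The function names, kid values, JWKS contents and the appid are constructed for illustration; the header is decoded without verification, for diagnosis only.

```javascript
// Added diagnostic example; not openid-client code. All kids, keys and the appid are constructed.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Read the JWS protected header without verifying anything (diagnosis only, never for trust decisions).
function decodeJwtHeader(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Same idea as the lookup described in the reply: select a signing key by kid and key type.
function findSigningKey(jwks, header) {
  const kty = /^(RS|PS)/.test(header.alg) ? 'RSA' : /^ES/.test(header.alg) ? 'EC' : null;
  return jwks.keys.find((k) => k.kid === header.kid
    && (kty === null || k.kty === kty)
    && (k.use === undefined || k.use === 'sig')) || null;
}

// Azure AD discovery URL; appid is appended only when the app has its own signing keys.
function discoveryUrl(tenant, appId) {
  const url = new URL(`https://login.microsoftonline.com/${encodeURIComponent(tenant)}/v2.0/.well-known/openid-configuration`);
  if (appId) url.searchParams.set('appid', appId);
  return url.toString();
}

// Report what the token asks for versus what the downloaded JWKS offers.
function diagnose(idToken, jwks) {
  const header = decodeJwtHeader(idToken);
  return {
    wanted: { kid: header.kid, alg: header.alg },
    available: jwks.keys.map((k) => k.kid),
    found: findSigningKey(jwks, header) !== null,
  };
}

// Constructed sample data (key material omitted; only the lookup fields matter here).
const sampleToken = `${b64url({ kid: 'app-key-1', alg: 'RS256', typ: 'JWT' })}.${b64url({ sub: 'x' })}.sig`;
const commonJwks = { keys: [{ kty: 'RSA', use: 'sig', kid: 'common-key-1' }, { kty: 'RSA', use: 'sig', kid: 'common-key-2' }] };
const appJwks = { keys: [{ kty: 'RSA', use: 'sig', kid: 'app-key-1' }] };

console.log(diagnose(sampleToken, commonJwks)); // kid absent from the shared JWKS: the failure in this thread
console.log(diagnose(sampleToken, appJwks));    // kid present in the app-specific JWKS
console.log(discoveryUrl('common', '00000000-0000-0000-0000-000000000000'));
```

When `found` is false, the `available` list shows at a glance whether the client discovered the wrong JWKS or the key set is simply stale; the signature check itself should stay strict either way.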
I am trying to use this with Azure AD as the IDP following the Authorization Code Flow. Once I get back the auth code, the client.callback() method throws this error: "no valid key found in issuer's jwks_uri for key parameters {"kid":"","alg":"RS256"}"
The issuer object returned from Issuer.discover('https://login.microsoftonline.com/<my tenant id goes here (also tried with common)>/v2.0/.well-known/openid-') gives: "jwks_uri":"https://login.microsoftonline.com/common/discovery/v2.0/keys" which has different kids than the one mentioned in the error. I have no idea where the kid mentioned in the error is coming from.
To Reproduce
Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.
Steps to reproduce the behaviour:
Expected behaviour
I expect the auth code to be exchanged for the token and the token to be validated without any errors.
Environment:
openid-client version: v3.14.0
node version: v10.13.0
[x] I have searched the issues tracker on GitHub for similar issues and couldn't find anything related. Please let me know if I'm missing anything here.