Closed protoism closed 10 months ago
Yes it is the right thing to do. When authorization_response_iss_parameter_supported
is advertised and there's no ID Token or JARM response the server is supposed to return an iss
parameter.
I read the code better, and you're absolutely right. Thanks... the issue is simply on saml-jackson, then, which is filtering out 'iss'
Describe the bug
Exception when trying to authenticate with a simple Keycloak server
To Reproduce
A bit complicate.. We're using boxyhq's saml-jackson library...
Steps to reproduce the behaviour:
Expected behaviour No exception
Environment: Node 20
Additional context
While there might be some problem in saml-jackson, I wonder if this code in lib/client.js is correct:
Is checking for 'id_token' the right thing to do?