search

pow-auth / pow_assent

Multi-provider authentication for your Pow enabled app
https://powauth.com
MIT License
323 stars 50 forks source link

AzureAD strategy error: Expected `alg` in ID Token to be "HS256", got "RS256" #205

Closed jonwcs closed 3 years ago

jonwcs commented 3 years ago

Hi, I'm trying to use Assent.Strategy.AzureAD, and I've followed all the steps outlined here: https://hexdocs.pm/assent/0.1.15/Assent.Strategy.AzureAD.html, but I've encountered an error in the terminal when it redirects back to my application's Redirect URI after logging in and approving the Microsoft consent page: [error] Strategy failed with error: "Expected alg in ID Token to be \"HS256\", got \"RS256\""

Not sure if anyone else encountered this before?

danschultzer commented 3 years ago

Thanks, found the bug! Could you please try use {:assent, github: "pow-auth/assent", ref: "fix-azure", override: true} in your dependencies and see if this has been resolved? I'll release this update soon, but want to confirm that this solved it.

jonwcs commented 3 years ago

Yes, it's working now. Thanks for your help!

danschultzer commented 3 years ago

Thanks, new release of Assent is out. You can remove the assent dependency, and then just update your dependencies to get the latest version!

pehbehbeh commented 3 years ago

How do I remove the assent dependency? If I do this, I still get the old version 0.1.9.

$ mix deps.unlock assent

$ mix deps.unlock pow_assent

$ mix deps.get
...
New:
  assent 0.1.9
  pow_assent 0.4.10
...

If I manually remove the :pow_assent dependency from the mix.exs I also get the 0.1.9 version:

$ mix deps.clean --unused --unlock
* Cleaning assent
* Cleaning oauther
* Cleaning pow_assent

$ mix deps.get
...
New:
  assent 0.1.9
  oauther 1.1.1
  pow_assent 0.4.10
...

Do I have to add :assent to the mix.exs explicitly?

danschultzer commented 3 years ago

Odd, doesn't mix deps.update assent update it to 0.1.21? If nothing works then I guess you have to explicitly define it, but this might be an issue with hex. I'll test here to make sure it uses the latest.

pehbehbeh commented 3 years ago

Thanks for the quick reply. It was because of a conflict with an old mint dependency. I used version 0.1.0 because I blindly copied it from here. I updated it to 1.2.1 and now it works!

pehbehbeh commented 3 years ago

Sorry, I meant from here.

danschultzer commented 3 years ago

Great catch, updated both places, thanks!