-
Notifications
You must be signed in to change notification settings - Fork 843
Making kid in id_token optional #96
Comments
Do you have a link for their metadata/jwks, or a sample that I can look at? |
Here's a discussion regarding this "kid" issue in the hydra project: ory/hydra#222 Example id_token: {
"alg": "RS256",
"typ": "JWT"
}
{
"aud": "d7f2ee09-8d28-4be2-bb89-ce3a5e7c3217",
"auth_time": 1471691398,
"exp": 1471694997,
"iat": 1471691398,
"iss": "hydra.localhost",
"nonce": "wqwdpdahrbeotxwzqaldhyow",
"sub": "john.doe@me.com"
} |
Hey, I'm the author of hydra. According to the OIDC spec, the Asymmetric signing however does not know a Sources: |
An exemplary JWK set used for signing the ID token in Hydra looks like:
|
So what do you say @brockallen ? |
Yes, I'm willing to look into. I've just been swamped with other work at the moment. I'll look into it when I get time. |
Hello, I got the same issue using CXF OIDC Authorization server. If it can be of any help, here are the informations I mhave on my side. Here's the id token returned by CXF :
And the jwk :
|
Ok, thanks. I'm still swamped with IdentityServer4. Once we RTM then I'll be able to get back to this. |
PR merged. thanks |
Awesome! |
Great library! Thank you so much for providing this!
Can you make kid in id_token optional?
(It's optional in the spec)
I use hydra for handling OIDC, and it doesn't always issue id_tokens with a key id.
oidc-client-js fails to validate those tokens
The text was updated successfully, but these errors were encountered: