Error using refresh_token because of missing audience although none is configured #6290
Closed
8 tasks done
Labels
priority/4/normal
Normal priority items
status/needs-triage
Issues which have not expressly been classified by a team member yet
status/resolved
Issue is resolved either by user action or a fix
type/bug
Confirmed Bugs
Milestone
Version
v4.37.5
Deployment Method
Docker
Reverse Proxy
Traefik
Reverse Proxy Version
2.1.0
Description
I have a working Authelia instance with a custom web app using OIDC:
I can successfully authenticate using the code workflow and validate the key. I also got the refresh_token.
But when trying to use the refresh token (POST request against https://authelia.example.com/api/oidc/token following the OIDC spec with grant_type = refresh_token, client_id, client_secret, refresh_token and scope), the request fails with status code 400.
Following is part of log file:
I have neither configured any audience nor send any with the request, but for some reason client_id is mentioned here as the required audience.
Reproduction
Try to use a refresh token in an OIDC workflow without any audience configured.
Expectations
No response
Configuration (Authelia)
Build Information
Logs (Authelia)
Logs (Proxy / Application)
No response
Documentation
No response
Pre-Submission Checklist
I agree to follow the Code of Conduct
This is a bug report and not a support request
I have read the security policy and this bug report is not a security issue or security related issue
I have either included the complete configuration file or I am sure it's unrelated to the configuration
I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant
I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
I have checked for related proxy or application logs and included them if available
I have checked for related issues and checked the documentation