Opened 6 years ago
Closed 6 years ago
#1702 closed defect (invalid)
[NGINX Plus Openid connect]:audience check failed for array type field
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | nginx-1.15 |
Component: | nginx-package | Version: | 1.15.x |
Keywords: | openid | Cc: | chuni.kukreja@… |
uname -a: | Linux ubuntu 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | |
nginx -V: | NGINX Plus Release 17 (R17) | | |
Description
With the NGINX Plus OpenID Connect feature, if the id_token has an "aud" field of type array (JSON array object), it fails to validate the token and returns failure.
Error Log: 2019/01/04 19:55:11 [error] 3435#3435: *2 js: OIDC ID Token validation error: missing claim(s) aud
As a workaround, if I disable the audience check in the openid_connect.js script, everything works fine.
Eg:
"aud": [
"https://identity.cloud.com/",
"e46481793d7744178d5df02d2e7f9a3e"
],
Other Details:
I have tested this on Google Cloud by creating an NGINX Plus VM instance from the marketplace, which installs the latest nginx mainline version.
I have also tested this on my local setup using the one-month NGINX Plus free trial.
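The array-valued "aud" case described in this report, as an added example that is not part of the original ticket and is not code from openid_connect.js: a check that accepts both the string and the array form of the claim while keeping the audience validation enabled. The names `checkAudience` and `trustedAudiences`, and the choice of which sample value is the client ID, are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not from openid_connect.js).
// Validates "aud" on an ID token payload whose signature is already verified.
function checkAudience(claims, clientId, trustedAudiences) {
    var trusted = trustedAudiences || [];
    var aud = claims.aud;
    // RFC 7519 allows "aud" to be one string or an array of strings.
    var list = (typeof aud === 'string') ? [aud] : aud;
    if (!Array.isArray(list) || list.length === 0) {
        return { ok: false, reason: 'missing claim aud' };
    }
    for (var i = 0; i < list.length; i++) {
        if (typeof list[i] !== 'string' || list[i] === '') {
            return { ok: false, reason: 'malformed aud' };
        }
    }
    // Exact element match: a substring test would accept look-alike IDs.
    if (list.indexOf(clientId) === -1) {
        return { ok: false, reason: 'client_id not in aud' };
    }
    // OIDC Core 3.1.3.7: reject audiences the client does not trust.
    for (var j = 0; j < list.length; j++) {
        if (list[j] !== clientId && trusted.indexOf(list[j]) === -1) {
            return { ok: false, reason: 'untrusted audience' };
        }
    }
    // If "azp" is present it must name this client.
    if (claims.azp !== undefined && claims.azp !== clientId) {
        return { ok: false, reason: 'azp mismatch' };
    }
    return { ok: true, reason: '' };
}

// Constructed sample: "aud" values from the ticket; which one is the
// client ID is an assumption made for this example.
var CLIENT_ID = 'e46481793d7744178d5df02d2e7f9a3e';
var ISSUER_AUD = 'https://identity.cloud.com/';
var SAMPLE_CLAIMS = { aud: [ISSUER_AUD, CLIENT_ID] };

console.log(checkAudience(SAMPLE_CLAIMS, CLIENT_ID, [ISSUER_AUD]));
```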
Change History (2)
comment:1 by , 6 years ago
comment:2 by , 6 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
This Trac is for nginx. If you have issues with OpenID Connect integration for NGINX Plus, please use the corresponding GitHub repository to report them. (Just in case, this one seems to be a duplicate of https://github.com/nginxinc/nginx-openid-connect/issues/6.)
I faced this issue with the 3-legged authz code flow, and I believe this issue must persist with the 2-legged flow as well.