Invalid header in ID Token

  • Maciej Wiśniowski
    # 3 months, 2 weeks ago


    I’m evaluating miniOrange for the Oauth2 + OpenId Connect. I’ve configured miniOrange as IdP and used OAuth endpoints to authenticate but it seems that IdToken received has invalid header signature. It seems to be always: {‘kid’: ‘1’, ‘typ’: ‘JWT’, ‘alg’: ‘RS256’}

    I call the authorize endpointwith using the URL like (tried with/without opened scope – no difference):<myclientid>&redirect_uri=https%3A%2F%2Fmydomain.local%2Fcallback&scope=openid+profile+email&state=9W4yISyqzaDyS0XSffOKrHs8Dps3wV

    I receive a grant code and then (after the /token endpoint call) valid access token (works with userinfo endpoint) and idtoken, containing user data, but the header has always kid: 1 which makes it impossible to validate token against JDK:

    The same issue seems to be with the sample provided in miniOrange docs:

    The sample token in the docs is: “id_token”:”eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEifQ.eyJhdXRoX3RpbWUiOiJUaHUgQXByIDE2IDEzOjA2OjE4IElTVCAyMDE1IiwiZXhwIjoxNDMwMTY5Nzc4LCJzdWIiOiJkZW1vQG1pbmlvcmFuZ2UuY28uaW4iLCJub25jZSI6IkJ1U1MxSjktZllmaDgwYmVDOVdwM2Vwc1BCdHRpLVdmS09xdGlmWnMxa0UiLCJhdF9oYXNoIjoiMmY2ZnlqWGRRUmdWVTl3IiwiYXVkIjpbIkFuemp4NFNmM2FWZTZnZyJdLCJpc3MiOiJodHRwOlwvXC9sb2NhbGhvc3QiLCJpYXQiOjE0MjkxNjk3Nzh9.P6VXffhTX9B62tjupP8tWdv9eYpXCBnDtramHDDF2pYujcgNPntX1OrEieD1Uvswdk2qagOfm0HbfG3OtGa6xZ8Ixpqg7RDUusPRHFptcgSw9YlZtyv1CyIIh_eQ4yrfo2oHfwW-5aDIUO5tNmjoWrEK4NzR1fWYXRmL5eyu51o”

    When decoded using eg. it also shows the header as {
    “typ”: “JWT”,
    “alg”: “RS256”,
    “kid”: “1”

    What is wrong with that?

    # 3 months, 1 week ago

    Hi Maciej,

    This possibly looks like an issue with the setup and probably wrong RSA key is configured in the plugin which is causing invalid signature issue.

    Can you please email us screenshots of your configuration?

    We can also schedule a screen sharing session for the same.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.