angular-auth-oidc-client icon indicating copy to clipboard operation
angular-auth-oidc-client copied to clipboard
verified publisher icon damienbod

[Question]: Disable issuer URL validation for well known

Open amoeller83 opened this issue 3 months ago • 5 comments

What Version of the library are you using? 20.0.1

Question With the version 20 the library checks the issuerUrl provide in /.well-known/openid-configuration document with the provide well-know URL. If this does not match an error is thrown like

[ERROR] ##REALM'' - Issuer mismatch. Well known issuer https://URL/auth/realms/REALM does not match configured well known url https://ANOTHER-DOMAIN/auth/realms/REALM.

Is there a possibilty to turn off this validation?

amoeller83 avatar Sep 12 '25 07:09 amoeller83

Our current implementation also doesn't work with the latest version so would be interested in some means of disabling the validation.

joewIST avatar Sep 16 '25 08:09 joewIST

This should be classified as a bug not a question - this just cost me an hour of my life. No login with Entra ID is possible on v20 where v19 works without problems!

bigbasti avatar Sep 22 '25 22:09 bigbasti

We need to added a configuration property for this. Happy to take PRs

damienbod avatar Sep 23 '25 05:09 damienbod

PR: https://github.com/damienbod/angular-auth-oidc-client/pull/2136

amoeller83 avatar Sep 23 '25 12:09 amoeller83

Nice with a workaround. I cannot get Microsoft to work without it. But, ideally we should benefit from the new issuer verification. Is there any work done in regards to Microsoft+issuer verification? Can I help in any way? I use a multi-tenant setup.

This should preferably also be mentioned in the migration guide on the documentation web page. Took me a while to find this info!

origooo avatar Nov 18 '25 16:11 origooo