damienbod
damienbod
This should work, I will validate Greeitngs Damien
Yes we need to release V14, I will try to push this forward
alg is invalid, how is the token signed? Do you run in https? Greetings Damien
If you are authenticating against Azure AD, here's an example to compare to: https://github.com/damienbod/AzureADAuthRazorUiServiceApiCertificate/tree/main/AngularAzureADMultipleApis/AngularCliAzureAD Or Azure AD B2C https://github.com/damienbod/azureb2c-fed-azuread/tree/main/AngularB2CClient
Will release this weekend 4.1.3
I would move away from HS256 and use RS256 , this is more secure.
@kumaresan-subramani I would need to look into this, I never used HS256 and do not plan to use this either, would recommend using RS256 or something better
You can disable this check using the configuration, or increase the window. This is how the OIDC spec is defined.
@abdullahqudeer your configuration looks good. You have set a 3 min window and disabled this. This should be good. I will check this, thanks for reporting. Maybe as a workaround,...
@abdullahqudeer I will validate that disabling the offset check works in V12 so that users with incorrect times can still authenticate. V12 should be released in the next few weeks....