Philippe Höij

Results 74 comments of Philippe Höij

As a side note, I created a workaround for the time being. Until clarity is there, how to encode it properly to avoid double URI encodings will be hard as the basic...

With the reference to Donny's remark on `:`, it should be allowed to be part of the URL, however there are a few things to note. See [Discord conversation item](https://discord.com/channels/689805612053168129/689886282830315563/1014101826431369267)...

Indeed, in the UI there is something wonky. Replacing the key works though, which is another way of invalidating it for the time being ☀️ Mobile greetings // ... on...

It seems that Keycloak supports SHA256, whilst Auth0 and Azure have not started supporting it yet in their endpoints, where x5t is only SHA1. For Azure there is the additional...

How strange, I want your setup 😁 I downscaled the docker-compose.yml issue that reproduces the issue on my macOS Docker, with a minimal docker-compose that yields the error below. docker-compose.yml...

After a bit more investigation, it seems the issue with the Keycloak JWKS is that the second key has a "use" key that is set to "enc" ([see rfc7517 for...

Adding `"alg": "RS256",` to each Microsoft provided signature key made its JWKS work too. It seems the ["alg" parameter is optional according to the RFC](https://datatracker.ietf.org/doc/html/rfc7517#section-4.4), and that the key usage...

Yay!!! Got JWT logins to work with Azure after adding an Azure ClaimsMapping manually, and mapping the username into the `user` field of the `User` instance in the `_system` database....

A separate topic I encountered while working on the JWT setup, which rendered it hard to debug the issue, is that the `TERMINUSDB_SERVER_JWKS_ENDPOINT` variable has inconsistent naming in the docker startup...

When working on this, if there is a way to make the `jti` claim checking optional (ensure the JWT is only used once), it would help a lot to enable...