omniauth-microsoft_graph

Authentication failure (JWT::DecodeError)

Open pixiitech opened this issue 10 months ago • 3 comments

Some accounts are failing with this error while others work without any issues: dummy

ERROR -- omniauth: (microsoft_graph) Authentication Failure! Could not find public key for kid ----------

This 'kid' key doesn't match what I have set for my environment variables

pixiitech, Apr 16 '24 15:04

Can you check if the authenticating user has mail attribute set in Entra? I have seen authentication fail when this attribute is missing.

synth, Apr 17 '24 06:04

@synth (I'm working on this with @pixiitech )

The admin/azure account has an email attribute set. The (Outlook) account attempting to log in via omniauth also has an email set up. This issue does not occur with all logins; thus far it has only happened with the one account.

Can you point us towards where this error is thrown?

iandonovan, Apr 17 '24 14:04

I have not seen this specific error before unfortunately. I had seen a similar one though where the JWT token is nil...which occurred as I mentioned if you auth with an account that doesn't have a mail attribute set on it. This is different than userPrincipalName.

We recently added a security mechanism for domain verification. You can try reviewing the docs and/or turning it off: https://github.com/synth/omniauth-microsoft_graph?tab=readme-ov-file#domain-verification

synth, Apr 17 '24 16:04
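
An added diagnostic sketch for the "Could not find public key for kid" error above (not code from the gem or from anyone in this thread): the `kid` is a field in the token's JWT header naming the key that signed it, so it can be read from a failing token and compared with the `kid` values in the key set the verifier is using. `diagnose_kid`, `SAMPLE_JWKS` and `SAMPLE_TOKEN` are hypothetical names, and the token and key set are constructed sample data.

```ruby
require "base64"
require "json"

# Decode one base64url JWT segment WITHOUT verifying the signature.
# Diagnosis only: never base an authentication decision on these values.
def decode_segment(segment)
  padded = segment + "=" * ((4 - segment.length % 4) % 4)
  JSON.parse(Base64.urlsafe_decode64(padded))
end

# Report which key the token names and whether the given JWKS contains it.
def diagnose_kid(id_token, jwks)
  header_b64, payload_b64, _signature = id_token.split(".")
  raise ArgumentError, "not a compact JWT" if header_b64.nil? || payload_b64.nil?

  header = decode_segment(header_b64)
  claims = decode_segment(payload_b64)
  known  = jwks.fetch("keys", []).map { |key| key["kid"] }
  {
    kid: header["kid"],          # key id the issuer signed with
    alg: header["alg"],
    iss: claims["iss"],          # issuer that minted the token
    tid: claims["tid"],          # tenant id claim, if present
    kid_in_jwks: known.include?(header["kid"]),
    jwks_kids: known
  }
end

# Helper to build the constructed sample token below.
def sample_segment(hash)
  Base64.urlsafe_encode64(JSON.generate(hash), padding: false)
end

# Constructed key set: only the kid matters for this check.
SAMPLE_JWKS = { "keys" => [{ "kid" => "key-a", "kty" => "RSA" },
                           { "kid" => "key-b", "kty" => "RSA" }] }.freeze

# Constructed token whose kid is absent from SAMPLE_JWKS (signature is a dummy).
SAMPLE_TOKEN = [
  sample_segment("alg" => "RS256", "kid" => "key-z"),
  sample_segment("iss" => "https://issuer.example.invalid/v2.0",
                 "tid" => "tenant-constructed"),
  "constructed-signature"
].join(".").freeze

puts JSON.pretty_generate(diagnose_kid(SAMPLE_TOKEN, SAMPLE_JWKS))
```

When `kid_in_jwks` is false for one account only, comparing `iss` and `tid` between a working and a failing token shows whether the two tokens came from different issuers or tenants than the key set being checked.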