lua-resty-openidc

Support using x5t header as kid if kid is not returned by ADFS

Open pedroquien opened this issue 6 years ago • 1 comments

ADFS does not set the kid so when there are multiple keys openidc does not know which key to use. If we can use x5t to id the key that would be great.

Environment
  • lua-resty-openidc version (e.g. 1.7.0)
  • OpenID Connect provider (e.g. Keycloak, Azure AD)
Expected behaviour
Actual behaviour
Minimized example

Minimal, complete configuration that reproduces the behavior.

Configuration and NGINX server log files

Config and logs for the minimized example, possibly provided as attachments.

pedroquien Feb 12 '19 20:02

Walking the keys that match the signature type would be an alternative acceptable behavior IMHO.

zandbelt Feb 12 '19 20:02
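The two behaviours proposed in this thread (match on `x5t` when `kid` is absent, otherwise walk the keys that fit the signature type), sketched as an added example. It is not lua-resty-openidc code: `select_candidates`, `usable`, the allow-list and the sample thumbprints are hypothetical names and constructed values. It only narrows the already-trusted JWKS to candidate keys; the caller still has to verify the signature against each candidate.

```lua
-- Added example, not lua-resty-openidc code. All names here are hypothetical.
-- alg prefix -> JWK key type, so the fallback only walks keys that can verify this alg.
local KTY_FOR_ALG = { RS = "RSA", PS = "RSA", ES = "EC" }

local function usable(jwk, kty)
  -- "use" is optional in a JWK; when present it must be "sig".
  return jwk.kty == kty and (jwk.use == nil or jwk.use == "sig")
end

-- Returns the JWKs worth trying, in order, plus the rule that selected them.
local function select_candidates(header, keys, allowed_algs)
  if not allowed_algs[header.alg] then
    return {}, "alg not allowed"
  end
  local kty = KTY_FOR_ALG[header.alg:sub(1, 2)]
  local pool = {}
  for _, jwk in ipairs(keys) do
    if usable(jwk, kty) then pool[#pool + 1] = jwk end
  end
  -- 1) kid, then 2) x5t: each header hint is compared to the same member of the JWK.
  for _, member in ipairs({ "kid", "x5t" }) do
    local hint = header[member]
    if hint then
      for _, jwk in ipairs(pool) do
        if jwk[member] == hint then return { jwk }, member end
      end
      -- Design choice of this example: a hint that matches nothing fails closed.
      return {}, member .. " not found"
    end
  end
  -- 3) No hint at all: hand back every key of the right type to try in turn.
  return pool, "walk"
end

-- Constructed sample data (thumbprints are placeholders, not real certificate hashes).
local jwks = {
  { kty = "RSA", use = "sig", x5t = "CONSTRUCTED-THUMBPRINT-A" },
  { kty = "RSA", use = "sig", x5t = "CONSTRUCTED-THUMBPRINT-B" },
  { kty = "EC",  use = "sig", x5t = "CONSTRUCTED-THUMBPRINT-C" },
}
local allowed = { RS256 = true }
for _, header in ipairs({
  { alg = "RS256", x5t = "CONSTRUCTED-THUMBPRINT-B" },  -- x5t but no kid, as described above
  { alg = "RS256" },                                     -- no hint: walk the RSA keys
  { alg = "none" },                                      -- rejected before any key lookup
}) do
  local candidates, rule = select_candidates(header, jwks, allowed)
  print(header.alg, rule, #candidates)
end
```

The `x5t` and `kid` values come from the unverified token header, so they are used only to pick among keys the relying party already trusts, never to fetch or accept a key.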