Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure AD: Add appid query param to wellKnown URL #5138

Merged
merged 1 commit into from Aug 12, 2022
Merged

Azure AD: Add appid query param to wellKnown URL #5138

merged 1 commit into from Aug 12, 2022

Conversation

MoritzKn
Copy link
Contributor

☕️ Reasoning

Relevant documentation:

If the application has custom signing keys as a result of using the claims-mapping feature, append an appid query parameter that contains the application ID to get a jwks_uri that points to the signing key information of the application, which should be used for validation.

🧢 Checklist

  • Documentation -> irrelevant, I think
  • Tests -> i don't think this code path is tested?
  • Ready to be merged -> no needs to be verified

I'm not sure if applications without this feature will simply ignore the query param or if it will break for them. If someone has an Azure AD setup, it'd be nice if they could test this.
Otherwise, maybe this needs to be a flag.

🎫 Affected issues

This fixes: #5137

@MoritzKn
Azure AD: Add appid query param to wellKnown URL
784ba8c 
This fixes: nextauthjs#5137
Relevent documentation:
> If the application has custom signing keys as a result of using the claims-mapping feature, append an appid query parameter that contains the application ID to get a jwks_uri that points to the signing key information of the application, which should be used for validation.

https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens#validating-the-signature
@vercel
Copy link

vercel bot commented Aug 11, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

1 Ignored Deployment
Name Status Preview Updated
next-auth ⬜️ Ignored (Inspect) Aug 11, 2022 at 6:33PM (UTC)

@github-actions github-actions bot added core Refers to `@auth/core` providers labels Aug 11, 2022
@balazsorban44 balazsorban44 merged commit a03657e into nextauthjs:main Aug 12, 2022
@ashtonlance
Copy link

When does this get released?

@MoritzKn MoritzKn deleted the patch-1 branch August 15, 2022 20:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

Assignees
No one assigned
Labels
core Refers to `@auth/core` providers
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[OAUTH_CALLBACK_ERROR] no valid key found in issuer's jwks_uri for key parameters
3 participants
@MoritzKn @ashtonlance @balazsorban44