fix: include the jwk key id in the jwt for validation (#1983)

This is so the sig key used to sign the JWT can be verified using the JWKS endpoint.

Fixes #1979
This commit is contained in:
James Elliott 2021-05-07 11:59:39 +10:00 committed by GitHub
parent 544373de17
commit c0ac8bf5ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -100,7 +100,10 @@ func newDefaultOIDCSession(ctx *middlewares.AutheliaCtx) (session *openid.Defaul
Extra: make(map[string]interface{}),
},
Headers: &jwt.Headers{
Extra: make(map[string]interface{}),
Extra: map[string]interface{}{
// TODO: Obtain this from the active keys when we implement key rotation.
"kid": "main-key",
},
},
}, err
}