From c0ac8bf5ad1472032f5e37338ca77570116a7b89 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Fri, 7 May 2021 11:59:39 +1000
Subject: [PATCH] fix: include the jwk key id in the jwt for validation (#1983)

This is so the sig key used to sign the JWT can be verified using the JWKS endpoint. Fixes #1979
---
 internal/handlers/oidc.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/handlers/oidc.go b/internal/handlers/oidc.go
index 7c650939..9501512d 100644
--- a/internal/handlers/oidc.go
+++ b/internal/handlers/oidc.go
@@ -100,7 +100,10 @@ func newDefaultOIDCSession(ctx *middlewares.AutheliaCtx) (session *openid.Defaul
 Extra: make(map[string]interface{}),
 },
 Headers: &jwt.Headers{
- Extra: make(map[string]interface{}),
+ Extra: map[string]interface{}{
+ // TODO: Obtain this from the active keys when we implement key rotation.
+ "kid": "main-key",
+ },
 },
 }, err
 }
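Review bot: The `"kid": "main-key"` literal in `Headers.Extra` must stay byte-identical to the key id published by the JWKS endpoint, and nothing in this hunk ties the two together. If the JWKS side (not visible here) uses its own literal, a later edit to either one would leave relying parties unable to find a published key matching the header, so signature verification fails. Consider one package-level constant used by both places, e.g. `const oidcSigningKeyID = "main-key"` (name illustrative) and `"kid": oidcSigningKeyID,`. When the TODO's key rotation is implemented, the value should come from the key that actually signs the token, so the header can never name a different key. newDefaultOIDCSession starts above this hunk, so the signing path itself is not shown.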