We’re getting the following error trying to sign up a new user with our own auth server:
Unknown iss claim in authorization token. Unable to find authentication profile with discovery endpoint https://xxxxxxx.com.
The auth profile has been created as an OpenID profile and definitely exists. The id_token sent to 8base contains the iss claim as the correct (and same as the auth profile) URL.
I’ve just enabled every single Role on the auth profile just to be certain, so there should be no role-based issues.
Any ideas where to start looking?
Can you give us more details on your auth server verify endpoint?
The openid-configuration is here: https://staging.puntclub.com/.well-known/openid-configuration
The auth profile has been set up with the OpenID Provider URL set to “https://staging.puntclub.com”
Everything goes smoothly until I query the current user and then receive an error:
await ctx.api.gqlRequest(CURRENT_USER_QUERY, {}, {
headers: {
"Authorization": `Bearer ${token}`
}
});
@evgeny.semushin can you please help verify that https://staging.puntclub.com/.well-known/openid-configuration
is a valid configuration/url for the OpenID set up to work?
1 Like
Looks like it was due to a missing kid header in the JWT. I really wish the error messages returned from 8base were a little more verbose
1 Like