-
|
I am connecting to a company OIDC compliant id provider. I'm getting errors that I cannot debug or get around: providers: [
{
id: "idam",
name: "acmeIDAM",
type: "oidc",
wellKnown: "https://idam.acme.com/oauth2/authorize/.well-known/openid-configuration",
authorization: "https://idam.acme.io/oauth2/authorize",
token: "https://idam.acme.io/oauth2/token",
userinfo: "https://idam.acme.io/oauth2/userinfo",
clientId: process.env.OIDC_CLIENT_ID,
clientSecret: process.env.OIDC_CLIENT_SECRET,
profile(profile, tokens) {
console.log("oauth profile ", profile, " tokens: ", tokens);
return {
id: profile.id,
name: profile?.name,
};
},
},
],
basePath: "/auth",
callbacks: {
authorized({ request, auth }) {
const { pathname } = request.nextUrl
if (pathname === "/middleware-example") return !!auth
return true
},
jwt({ token, trigger, session, account }) {
console.log(`jwt callback: ${token} ${trigger} ${account}`)
if (trigger === "update") token.name = session.user.name
if (account?.provider === "keycloak") {
return { ...token, accessToken: account.access_token }
}
return token
},
async session({ session, token }) {
console.log(`session callback: ${token} ${session}`)
if (token?.accessToken) {
session.accessToken = token.accessToken
}
return session
},
},
experimental: {
enableWebAuthn: true,
},
debug: process.env.NODE_ENV !== "production" ? true : false,
} satisfies NextAuthConfigThis leads to this error: But I cannot figure out what the value is. Adding into the configuration |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
This is probably due to the fact that you cannot access the following URL. |
Beta Was this translation helpful? Give feedback.
-
|
Its a company internal ID provider which spans a bunch of applications. IDAM stands for ID access and management. Acme is redacting the name of the company. Here is the response from this endpoint: PS C:\Users\me\Code\next-auth-example> curl https://idam.acme.com/oauth2/authorize/.well-known/openid-configuration
Removing the wellknown configuration and just leaving the rest also reslts in the same error about iss claim value. Also worth noting, which I click sign in with IDAM, it tkaes me to the right authentication page that takes my company information, MFA, and then after I successfully log into the company portal, I get this error coming back to the localhost website. |
Beta Was this translation helpful? Give feedback.
-
|
I fix this issue by going to my companies identity provider and figuring out what was the correct issuer value. In this case it was not local host, but rather it was the URL of the application within the identity provider and its token call back. Like https://idam.acme.io/appname/oauth2/token. Putting that into the issuer of auth.ts fixed the issue. |
Beta Was this translation helpful? Give feedback.
I fix this issue by going to my companies identity provider and figuring out what was the correct issuer value. In this case it was not local host, but rather it was the URL of the application within the identity provider and its token call back.
Like https://idam.acme.io/appname/oauth2/token.
Putting that into the issuer of auth.ts fixed the issue.