You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Successful OIDC authentication when using an Okta Authorization Server API URL (https://{{okta-domain}}/oauth2/{{authorization-server-id}}) instead of the default API URL (https://{{okta-domain}}/oauth2). This behaviour is consistent with current documentation. This issue is to request support for Okta Authorization Servers.
Actual behaviour
When trying to authenticate using OIDC, a Signature verification failed exception is thrown in social_core/backends/open_id_connect.py. Okta logs show successful app.oauth2.as.token.grant.access_token and successful app.oauth2.as.token.grant.id_token for the same authentication event.
What are the steps to reproduce this issue?
Configure an Okta Authorization Server (Security > API)
Use the generated Authorization Server URI as the authentication endpoint
Attempt to authenticate (exception thrown)
Use the default URI as the authentication endpoint
Attempt to authenticate (successful)
Any logs, error output, etc?
Exception traceback:
/opt/netbox/venv/lib/python3.11/site-packages/social_core/actions.py, line 49, in do_complete
user = backend.complete(user=user, redirect_name=redirect_name, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/base.py, line 39, in complete
return self.auth_complete(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/opt/netbox/venv/lib/python3.11/site-packages/social_core/utils.py, line 253, in wrapper
return func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/oauth.py, line 418, in auth_complete
response = self.request_access_token(
/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/open_id_connect.py, line 254, in request_access_token
self.id_token = self.validate_and_return_id_token(
/opt/netbox/venv/lib/python3.11/site-packages/social_core/backends/open_id_connect.py, line 214, in validate_and_return_id_token
raise AuthTokenError(self, "Signature verification failed")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Any other comments?
This appears to be related/similar to issues 662 and 663
The text was updated successfully, but these errors were encountered:
Expected behaviour
Successful OIDC authentication when using an Okta Authorization Server API URL (
https://{{okta-domain}}/oauth2/{{authorization-server-id}}) instead of the default API URL (https://{{okta-domain}}/oauth2). This behaviour is consistent with current documentation. This issue is to request support for Okta Authorization Servers.Actual behaviour
When trying to authenticate using OIDC, a
Signature verification failedexception is thrown insocial_core/backends/open_id_connect.py. Okta logs showsuccessful app.oauth2.as.token.grant.access_tokenandsuccessful app.oauth2.as.token.grant.id_tokenfor the same authentication event.What are the steps to reproduce this issue?
Any logs, error output, etc?
Exception traceback:
Any other comments?
This appears to be related/similar to issues 662 and 663
The text was updated successfully, but these errors were encountered: