OIDC auth in 0.16.2 fails with "Failed to decode id token claims" #744
Comments
Just had the same issue here with a previously working Keycloak instance.
Yup, I have the same issue as well on 0.16.2, and am getting the same error message. I'm using OIDC with Google OAuth. Is there some workaround we can use for now, or is this relatively easy to patch?
I went back to 0.16.1 and did have the same error, so went back to 0.16.0 and was able to log in correctly.
Fix error decoding OIDC claims (#744)
Hey people, we have merged a fix in main already. Can you give it a try before we release 0.16.3?
I'm willing to try - is there a place we can download latest built binaries? (AMD64 in my case).
Still using Docker and some Kubernetes for all of my infra, so not so easy to try without a pre-release docker img (which I appreciate is a hassle to create each time).
I built the main repo and updated.
@kyhwana thanks for checking out. I will close this issue and open a new one on the registration.
Bug description
After upgrading from 0.16.0 to 0.16.2, users are unable to authenticate using Azure OIDC; they get the error:
Failed to decode id token claims
In the logs is the following error:
Is this related to the changed line in oidc.go?
if err := idToken.Claims(claims); err != nil {
To Reproduce
Have a user log out of the tailscale client then reauthenticate, using Azure AD OIDC. When the browser window opens it will attempt to auth via AAD and fail with the above error.
Context info
Headscale version 0.16.2.
tailscale client version 1.28.0