Argo-cd: Oidc, aud field in the claim could be array

Created on 22 Apr 2020 · 2 Comments · Source: argoproj/argo-cd

Describe the bug

I'm working on authentication using "Existing OIDC Provider" https://argoproj.github.io/argo-cd/operator-manual/user-management/#existing-oidc-provider and my claim looks like this:
{"amr":"FORM","aud":["aud2","aud1"],"auth_time":1587557578,"azp":"key","exp":1587563541,"family_name":"toto","given_name":"toto","iat":1587541,"iss":"http://provider","login":"Toto","name":"Toto","roles":["ROLES-ADMIN"],"sub":"admin","user_type":"type"}

and I got this error: invalid session: json: cannot unmarshal array into Go struct field StandardClaims.aud of type string

To Reproduce

The OIDC provider should send a claim with aud as an array

Expected behavior

I can log in when the aud in the claim is an array

Version

argocd-server: v1.5.2+c2c19f4
  BuildDate: 2020-04-15T16:43:12Z
  GitCommit: c2c19f42ad78ed7a6fb70e86aed117be484feb50
  GitTreeState: clean
  GoVersion: go1.14
  Compiler: gc
  Platform: linux/amd64
bug high critical sso

All 2 comments

The bug is in the library we are using to parse claims: https://github.com/dgrijalva/jwt-go/issues/348. The last message says that v4.0.0-preview1 has the fix.

@alexmt Do we have any update on getting this issue fixed? It is breaking the SSO part even in 1.5.4 or 1.5.8, and we are blocked.
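
The failure reported in this issue next to a decoding that accepts both forms of `aud`, as an added example (not code from Argo CD or jwt-go). `Audience`, `strictAud` and `audienceAllowed` are hypothetical names, the payload is a constructed sample, and token signature verification is assumed to happen elsewhere.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Audience (hypothetical name): RFC 7519 section 4.1.3 allows "aud" to be a string or an array.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var many []string
	if err := json.Unmarshal(b, &many); err == nil {
		*a = many // array form; JSON null leaves the audience empty
		return nil
	}
	var one string
	if err := json.Unmarshal(b, &one); err != nil {
		return fmt.Errorf("aud must be a string or an array of strings: %w", err)
	}
	*a = Audience{one}
	return nil
}

// strictAud decodes aud into a plain string, the field type in the error above.
func strictAud(payload string) (string, error) {
	var c struct{ Aud string `json:"aud"` }
	err := json.Unmarshal([]byte(payload), &c)
	return c.Aud, err
}

// audienceAllowed reports whether clientID is one of the payload's audiences.
func audienceAllowed(payload, clientID string) (bool, error) {
	var c struct{ Aud Audience `json:"aud"` }
	if err := json.Unmarshal([]byte(payload), &c); err != nil {
		return false, err
	}
	for _, aud := range c.Aud {
		if aud == clientID {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	payload := `{"aud":["aud2","aud1"],"iss":"http://provider","sub":"admin"}` // constructed sample
	fmt.Println(strictAud(payload))
	fmt.Println(audienceAllowed(payload, "aud1"))
}
```

Whichever form the provider sends, the relying party still has to confirm that its own client ID is among the audiences; accepting the array must not turn into skipping that check.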
