Error OIDC Authorization Code with PKCE + JWT Access Token
Concerned version
Version: 2.0.16
Platform: Docker
Summary
We try to authenticate a JS WebApp with OIDC Authorization Code with PKCE. When "Use JWT Format for Access Token" is activated in the OIDC flow, an error occurs. Everything works well when this attribute is disabled.
Logs
[Mon Mar 13 13:46:22 2023] [LLNG:39] [notice] User dwho successfully authenticated at level 1
[Mon Mar 13 13:46:22 2023] [LLNG:39] [info] No notification found
[Mon Mar 13 13:46:22 2023] [LLNG:39] [notice] dwho connected
[Mon Mar 13 13:46:22 2023] [LLNG:39] [notice] User dwho is authorized to access to rp-unseen-labs
172.17.0.1 - - [13/Mar/2023:13:46:22 +0000] "POST /oauth2/authorize?client_id=oidc-demo&redirect_uri=http%3A%2F%2Flocalhost%3A5173%2Fcallback&response_type=code&scope=openid%20profile&state=db7a9fd263cf48e794fc5a123033b84c&code_challenge=MF_-Y6882G5pPmpZuYibcb6GCgofsUKqEGBCnbgUQDw&code_challenge_method=S256&response_mode=query HTTP/1.1" 302 5 "http://auth.example.com/oauth2/authorize?client_id=oidc-demo&redirect_uri=http%3A%2F%2Flocalhost%3A5173%2Fcallback&response_type=code&scope=openid%20profile&state=db7a9fd263cf48e794fc5a123033b84c&code_challenge=MF_-Y6882G5pPmpZuYibcb6GCgofsUKqEGBCnbgUQDw&code_challenge_method=S256&response_mode=query" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"
[Mon Mar 13 13:46:26 2023] [LLNG:41] [info] No cookie found
[Mon Mar 13 13:46:26 2023] [LLNG:40] [info] No cookie found
172.17.0.1 - - [13/Mar/2023:13:46:26 +0000] "GET /.well-known/openid-configuration HTTP/1.1" 200 1520 "http://localhost:5173/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"
172.17.0.1 - - [13/Mar/2023:13:46:26 +0000] "GET /.well-known/openid-configuration HTTP/1.1" 200 1520 "http://localhost:5173/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"
[Mon Mar 13 13:46:26 2023] [LLNG:42] [info] No cookie found
[Mon Mar 13 13:46:26 2023] [LLNG:42] [error] Algorithm RS256 needs a Private Key to sign JWT
Use of uninitialized value $value in concatenation (.) or string at /usr/share/perl5/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm line 1581.
Use of uninitialized value in subroutine entry at /usr/share/perl5/Lemonldap/NG/Portal/Lib/OpenIDConnect.pm line 1585.
Backends used
Demonstration Backend