Authenticating with external OpenID Connect Provider fails because of special chars in user name
Concerned version
Version: 2.1.0
Platform: Apache
Summary
Authenticating with an external OpenID Connect provider fails if there are some special signs in the returned JWT. I got the error "Issuer mismatch". The problem was that there were special chars in the sub attribute.
Possible fixes
In the file Auth/OpenIdConnect at line 189 replace:
    $self->decodeJSON( decode_base64($id_token_payload) );
with
    $self->decodeJSON( decode_base64url($id_token_payload) );
And add at the end of the file, like in Lib/OpenIdConnect.pm:
    # Decode base64url (the JWT segment encoding): map the URL-safe
    # alphabet back to standard base64 and restore the stripped padding.
    sub decode_base64url {
        my $s = shift;
        $s =~ tr[-_][+/];
        $s .= '=' while length($s) % 4;
        return decode_base64($s);
    }
This fixed it for me.
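
The failure described above can be reproduced in isolation. The following is an added example, not part of the original report or the project's code: the payloads, the issuer URL and the `issuer_of` helper are constructed for illustration. MIME::Base64's `decode_base64` silently ignores characters outside the standard alphabet, so a `-` or `_` in a JWT segment is dropped and every byte after it is shifted.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64url);
use JSON::PP;

# Helper from the report: map the URL-safe alphabet back and restore padding.
sub decode_base64url {
    my $s = shift;
    $s =~ tr[-_][+/];
    $s .= '=' while length($s) % 4;
    return decode_base64($s);
}

# Hypothetical helper: parse a decoded payload and return its iss claim,
# or undef when the bytes are not valid JSON.
sub issuer_of {
    my ($bytes) = @_;
    my $claims = eval { JSON::PP->new->utf8->decode($bytes) };
    return ref($claims) eq 'HASH' ? $claims->{iss} : undef;
}

# Constructed payloads (not from the report). The second sub is "eloïse" as
# UTF-8 bytes; at this offset the pair 'o' + 0xC3 encodes to '_' in base64url.
my $expected_iss = 'https://op.example.com';
my @subs         = ( 'alice', "elo\xC3\xAFse" );

for my $sub (@subs) {
    my $json    = qq({"sub":"$sub","iss":"$expected_iss"});
    my $segment = encode_base64url($json);    # payload segment as sent in the JWT

    # decode_base64 skips '-' and '_', corrupting everything after them.
    my $naive = issuer_of( decode_base64($segment) );
    my $fixed = issuer_of( decode_base64url($segment) );

    printf "segment contains '-' or '_': %s\n",
        $segment =~ /[-_]/ ? 'yes' : 'no';
    printf "  decode_base64    -> iss: %s\n",
        defined $naive ? $naive : '(payload unreadable)';
    printf "  decode_base64url -> iss: %s\n",
        defined $fixed ? $fixed : '(payload unreadable)';
}
```

Whether a given user is affected depends on the byte values and their alignment within the payload, which is why plain ASCII names authenticate while some names with special characters do not.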