Quarkus OIDC guide example for OidcWiremock fails due to invalid audience #43939
I tried replicating the exact same example from this section of the OIDC code flow authentication guide but I got the following error:
I created this repository with the code: https://github.com/douglas444/oidc-mock-example/blob/main/src/test/java/WelcomeResourceTest.java But here is a copy of the test class:
The same test works if I set the client-id to |
/cc @pedroigor (oidc), @sberyozkin (oidc)
Thanks @douglas444, Quarkus now enforces that the ID token `aud` is set to the client id, while the OidcWiremock code was created earlier so when the ID token is generated, the `aud` is set to `https://id.server.example.com`. I guess those existing tests which use OidcWiremock for the CodeFlow tests customize it with `quarkus.oidc.token.audience=https://id.server.example.com`. It may be tricky to have OIDC wiremock updated to use the client id for the ID token's `aud` because this OidcWiremock is used for different OIDC tenant test in the `oidc-wiremock` which also may have different client ids, so simplest is to customize it at the test level.
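
A simplified model of the ID token audience check described in the reply above, added here as an illustration; it is not code from this discussion or from Quarkus. The client id, the helper names and the sample tokens are constructed, and signature verification is deliberately left out so that only the `aud` comparison is shown.

```python
import base64
import json

# Constructed value: the page does not show the client id used by the test.
CLIENT_ID = "example-client-id"
# The audience the reply says OidcWiremock puts into the ID token.
WIREMOCK_AUD = "https://id.server.example.com"


def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT-shaped string; the signature part is a dummy."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(b'constructed-signature')}"


def read_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_ok(token: str, client_id: str, configured_audience=None) -> bool:
    """Model of the check: the expected audience is the client id unless an
    explicit audience (the role of quarkus.oidc.token.audience) is configured."""
    expected = configured_audience or client_id
    aud = read_claims(token).get("aud")
    if aud is None:
        return False  # a missing aud never satisfies an enforced audience
    audiences = [aud] if isinstance(aud, str) else list(aud)  # string or array
    return expected in audiences


if __name__ == "__main__":
    wiremock_token = make_sample_token({"sub": "alice", "aud": WIREMOCK_AUD})
    print("default (client id) check:", audience_ok(wiremock_token, CLIENT_ID))
    print("with configured audience: ",
          audience_ok(wiremock_token, CLIENT_ID, WIREMOCK_AUD))
```
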