Document default authentik_certificate_key_pair relationship to authentik_provider_oauth2.signing_key #501

Open
hh opened this issue Apr 30, 2024 · 0 comments

hh commented Apr 30, 2024

I was working with the authentik_provider_oauth2 resource, and left the signing_key blank.

When creating a provider via the web UI, the value for signing_key defaults to "authentik Self-signed Certificate".

If you fail to set signing_key and leave the default empty string, you will end up with a somewhat cryptic error about a malformed jwt and an unexpected signature algorithm:

{
"message":"Failed to verify OIDC token.",
"detail":"oidc: malformed jwt: go-jose/go-jose: unexpected signature algorithm \"HS256\"; expected [\"RS256\"]"
}

It seems that authentik_provider_oauth2 would likely never work if signing_key is left to the default of an empty string.

I suggest making it required or at a minimum documenting its usage a bit further in these two locations:

@hh hh changed the title Document default *authentik_certificate_key_pair* relationship to *authentik_provider_oauth2*.signing_key Document default authentik_certificate_key_pair relationship to authentik_provider_oauth2.signing_key Apr 30, 2024
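
One way to set signing_key explicitly, as an added example that is not part of the original issue or the provider's documentation: it looks up the key pair the issue names as the web UI default and passes its id to the provider. The resource labels, the `example-app` name and client_id are constructed placeholders, the flow slug assumes authentik's default flows are still present, and any further arguments your provider version requires are omitted.

```hcl
# Added example. Labels, name and client_id are constructed placeholders.

# Assumption: the instance still has authentik's default authorization flow.
data "authentik_flow" "default_authorization" {
  slug = "default-provider-authorization-implicit-consent"
}

# The key pair the web UI preselects when a provider is created there.
data "authentik_certificate_key_pair" "default" {
  name = "authentik Self-signed Certificate"
}

resource "authentik_provider_oauth2" "example" {
  name               = "example-app"
  client_id          = "example-app"
  authorization_flow = data.authentik_flow.default_authorization.id

  # Left unset, signing_key stays an empty string. In the issue above the
  # relying party then rejected the token: got "HS256", expected ["RS256"].
  signing_key = data.authentik_certificate_key_pair.default.id
}
```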