Kong OIDC plugin - invalid issuer error

Hi,

I am attempting to implement a client credentials flow, using Okta as IdP.
In Kong, I set the config.issuer configuration to:
https://dev-xxxxxx.okta.com/oauth2/xxxxxx/.well-known/oauth-authorization-server

The returned token has an issuer which is a subset of this URL:
https://dev-xxxxxx.okta.com/oauth2/xxxxxx

Kong then fails because it expects them to be the same:
2019/11/05 13:40:29 [notice] 23118#0: *1430947 [lua] handler.ljbc:0: [openid-connect] invalid issuer (https://dev-xxxxxx.okta.com/oauth2/xxxxxx) was specified for access token, https://dev-xxxxxx.okta.com/oauth2/xxxxxx/.well-known/oauth-authorization-server was expected, client: 216.172.64.18, server: kong, request: "GET /posts HTTP/1.1", host: "ec2-3-228-156-158.compute-1.amazonaws.com:8443"

I think it should just be checking that the issuer returned is a subset of the specified issuer endpoint … ??

Please advise,

Thx

Dave
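
Added example, not part of the original post and not Kong's code: it shows how an issuer identifier relates to its metadata URL (OIDC Discovery and RFC 8414) and compares an exact `iss` match with the "subset" check proposed above. The function names and the second `iss` value are hypothetical; the authoritative issuer is the `issuer` field of the metadata document itself, which this offline sketch does not fetch.

```python
from urllib.parse import urlsplit, urlunsplit

# Well-known suffixes defined by OIDC Discovery and RFC 8414.
WELL_KNOWN = ("/.well-known/openid-configuration",
              "/.well-known/oauth-authorization-server")

# Values from the post (already redacted there by the poster).
CONFIGURED = ("https://dev-xxxxxx.okta.com/oauth2/xxxxxx"
              "/.well-known/oauth-authorization-server")
TOKEN_ISS = "https://dev-xxxxxx.okta.com/oauth2/xxxxxx"
# Constructed value: a different authorization server id that happens to be
# a string prefix of the configured URL.
OTHER_ISS = "https://dev-xxxxxx.okta.com/oauth2/xxx"


def issuer_from_metadata_url(url: str) -> str:
    """Derive the issuer identifier from a metadata URL.

    Handles the appended form seen in the post (<issuer><suffix>) and the
    RFC 8414 form where the well-known segment precedes the issuer path.
    A URL without a well-known segment is returned unchanged.
    """
    parts = urlsplit(url)
    path = parts.path
    for suffix in WELL_KNOWN:
        if path.endswith(suffix):            # appended form
            path = path[: -len(suffix)]
            break
        if path.startswith(suffix + "/"):    # inserted form (RFC 8414)
            path = path[len(suffix):]
            break
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def issuer_matches(configured: str, token_iss: str) -> bool:
    """Exact string comparison of the token's `iss` with the derived issuer."""
    return issuer_from_metadata_url(configured) == token_iss


def prefix_matches(configured: str, token_iss: str) -> bool:
    """The looser 'subset' check, included only to compare outcomes."""
    return configured.startswith(token_iss)


if __name__ == "__main__":
    for iss in (TOKEN_ISS, OTHER_ISS):
        print(iss, "exact:", issuer_matches(CONFIGURED, iss),
              "prefix:", prefix_matches(CONFIGURED, iss))
```

The exact comparison accepts only the token issuer from the post, while the prefix check also accepts the constructed second issuer, which names a different authorization server.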

