kratos: Microsoft B2C OIDC provider is using invalid `iss` value
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project’s Code of Conduct.
- I have read and am following this repository’s Contribution Guidelines.
- This issue affects my Ory Cloud project.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Describe your problem
I am trying to implement OAuth2 with Microsoft but the issuer URL returned does not match as Microsoft does not seem to follow the OIDC specification:
- https://github.com/coreos/go-oidc/issues/159#issuecomment-517750749
- https://github.com/MicrosoftDocs/azure-docs/issues/38427
An internal server error occurred, please contact the system administrator reason:Unable to initialize OpenID Connect Provider: oidc: issuer did not match the issuer returned by provider, expected "https://login.microsoftonline.com/common/v2.0" got "https://login.microsoftonline.com/{tenantid}/v2.0"
Describe your ideal solution
Add a configuration option to skip verification of the issuer_url.
Workarounds or alternatives
I currently implement the OAuth2 endpoints myself but would like to switch to Ory Kratos.
Version
v0.9.0-alpha.3
Additional Context
No response
About this issue
- State: closed
- Created 2 years ago
- Comments: 18 (7 by maintainers)
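A narrower alternative to skipping issuer verification, as an added example (not Kratos or go-oidc code): treat the `{tenantid}` issuer from the discovery document in the error above as a template and resolve it with the ID token's `tid` claim before comparing. `ValidateIssuer`, the allow-list parameter and the sample GUIDs are hypothetical; the code assumes the token carries a `tid` claim and that its signature has already been verified.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Placeholder Microsoft puts in the issuer of the /common discovery document.
const tenantPlaceholder = "{tenantid}"

var guidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// ValidateIssuer is a hypothetical helper, not a Kratos or go-oidc API.
// It assumes the token's signature was already verified. discoveryIssuer is the
// issuer from the discovery document; iss and tid are claims from the ID token.
// An empty allowed map accepts any tenant (multi-tenant app).
func ValidateIssuer(discoveryIssuer, iss, tid string, allowed map[string]bool) error {
	if !strings.Contains(discoveryIssuer, tenantPlaceholder) {
		// Spec-conforming provider: exact string match, as OIDC requires.
		if iss != discoveryIssuer {
			return fmt.Errorf("issuer mismatch: expected %q got %q", discoveryIssuer, iss)
		}
		return nil
	}
	// Templated issuer: tid must be a GUID so it cannot alter the URL structure.
	if !guidRe.MatchString(tid) {
		return fmt.Errorf("tid claim %q is not a GUID", tid)
	}
	if len(allowed) > 0 && !allowed[strings.ToLower(tid)] {
		return fmt.Errorf("tenant %q is not on the allow-list", tid)
	}
	expected := strings.Replace(discoveryIssuer, tenantPlaceholder, tid, 1)
	if iss != expected {
		return fmt.Errorf("issuer mismatch: expected %q got %q", expected, iss)
	}
	return nil
}

func main() {
	// Constructed sample values; the GUID is made up.
	const tmpl = "https://login.microsoftonline.com/{tenantid}/v2.0"
	const tid = "11111111-2222-3333-4444-555555555555"
	allowed := map[string]bool{tid: true}
	fmt.Println(ValidateIssuer(tmpl, "https://login.microsoftonline.com/"+tid+"/v2.0", tid, allowed))
	fmt.Println(ValidateIssuer(tmpl, "https://login.microsoftonline.com/common/v2.0", tid, allowed))
}
```

With a non-empty allow-list the check also pins sign-in to known tenants, which a blanket "skip issuer verification" option cannot do.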
@mooijtech I understand that this issue is pressing to you. Everyone here is just trying to help. It would be great if you could use the edit button to update your comments and / or try out the suggestions made by others. If they do not work, point to what’s missing; if they do work, please share your findings in a technical manner.
Contrary to Slack or other forms of communication like WhatsApp, a lot of people are monitoring the repository here and get email pings and notifications for every comment made, which is why we ask everyone to condense their technical findings into a well-described comment that helps others help you. Thanks! 😃
Please also keep in mind that it’s Easter in many parts of the world and this is an open source community with a lot of volunteers working outside of their regular work to help with issues like yours.