aud OIDC/JWT claim can be corrupted with binary data #87

Open
bradjones1 opened this issue Aug 21, 2023 · 0 comments

Thanks so much for this awesome library.

In using this locally, I was getting an error when parsing the JWT token's claims; there is binary data output at the start of the query string when using the callback URL/default audience of `http://192.168.50.10:8082/kinksters_matching/introduction_received_followup?external_bearer_token`.

If I set the audience to something like `1234` it works fine, as do other query callback URLs such as `http://192.168.50.10:8082/kinksters_matching/introduction_retry_after_expiry?external_bearer_token`. I thought perhaps there was a length limit; however, this working URL/audience is longer than the one that is broken. It's also suspicious that the base64-encoded JWT payload consistently goes binary right at the `?` in the query string.

I've poked around the sources a bit and haven't found anything relating to the construction of the audience that strikes out at me. However, I'm not really a Golang developer so my debugging is limited here.

Anyone seen something similar to this? Curious how it's very dependent on the URL provided.
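
One thing worth ruling out for the symptom reported above, as an added example that is not part of the original issue or the library's code: JWT segments are base64url-encoded without padding (RFC 7515), and in an ASCII payload the URL-only characters `-` and `_` appear only when `>`, `~` or `?` lands on the third byte of a 3-byte group, so a decoder using the standard alphabet breaks exactly at that byte. The payload layout here is constructed (only the `aud` values come from the issue), and whether this is the cause of the reported error is an assumption.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed payloads: only the aud values come from the issue. The real
// token's other claims (and so the real byte offset of '?') are unknown.
const (
	audBroken  = "http://192.168.50.10:8082/kinksters_matching/introduction_received_followup?external_bearer_token"
	audWorking = "http://192.168.50.10:8082/kinksters_matching/introduction_retry_after_expiry?external_bearer_token"
)

func payload(aud string) []byte { return []byte(`{"aud":"` + aud + `"}`) }

// segment encodes a payload as a JWT segment: base64url alphabet, no padding.
func segment(p []byte) string { return base64.RawURLEncoding.EncodeToString(p) }

// stdFailureByte decodes seg with the standard base64 alphabet, as a tool
// that is not JWT-aware would, and returns the payload byte offset at which
// decoding breaks, or -1 if the segment decodes cleanly.
func stdFailureByte(seg string) int {
	_, err := base64.RawStdEncoding.DecodeString(seg)
	var bad base64.CorruptInputError
	if errors.As(err, &bad) {
		return int(bad) * 6 / 8 // base64 char index -> payload byte index
	}
	return -1
}

func main() {
	for _, aud := range []string{audBroken, audWorking, "1234"} {
		p := payload(aud)
		seg := segment(p)
		off := stdFailureByte(seg)
		dec, _ := base64.RawURLEncoding.DecodeString(seg)
		fmt.Printf("aud=%q url-only chars=%v std breaks at byte %d, base64url round-trip=%v\n",
			aud, strings.ContainsAny(seg, "-_"), off, string(dec) == string(p))
		if off >= 0 {
			fmt.Printf("  payload[%d] = %q\n", off, p[off])
		}
	}
}
```

If the failing decode in a real setup goes through a standard-alphabet decoder (a shell `base64 -d`, a generic online decoder, a non-URL-safe library call), switching it to unpadded base64url is the check to make before looking at how the audience is constructed.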
