OIDC Token error: Signature verification failed

CGinMN · September 1, 2020, 7:44pm

trying to configure the Okta OIDC client. Getting error after authentication on Okta.

social_core.exceptions.AuthTokenError: Token error: Signature verification failed

should the discovery URL be configured somewhere? How does it know the jwks_uri to validate tokens?

Thanks

CGinMN · September 3, 2020, 5:35pm

found my issue. Documentation could use a little clarity. While it states the API URL should be:
This has subsequently had the ‘/v1/authorize’ removed. In productive deployments, this will likely resemble:
https://{company}.okta.com/oauth2/{authServerId}/

The source library documentation states:
https://python-social-auth.readthedocs.io/en/latest/backends/okta.html
Please note, do not use the /oauth2/default endpoint for Okta authentication:

“default” is the API authServerID that comes with Okta. Usually oidc clients have no issues using it. So when configuring galaxy oidc_config.xml and oidc_backend_config.xml, instead of https://{company}.okta.com/oauth2/{authServerId}/ use https://${company}.okta.com/oauth2/

cheers!

Topic		Replies	Views
OIDC Okta with Galaxy usegalaxy.org support server-admin , galaxy-local , cluster	1	225	July 7, 2023
SSL verfication failure contacting toolshed site server-admin , toolshed , api	7	929	September 21, 2021
Unable to activate Google OIDC login usegalaxy.org support server-admin , galaxy-docker	2	435	April 27, 2022
Sophos UTM Local Galaxy installation: When is error 403001 (API authentication required for this request) triggered? server-admin , galaxy-local	1	973	March 22, 2020
PAM login in 20.05	2	446	August 7, 2020

OIDC Token error: Signature verification failed

Related Topics