JWT/OIDC Token Verification

xkobal · March 28, 2022, 2:57pm

Hi,

I m trying to setup JWT Verification with JWT Token validation on my Vault Server.
My OIDC provider is Auth0.
I have read plenty of documentation and see that there is 3 ways of doing this:

Static Keys => it works but I don’t want to create others JWT Tokens, I want to validate the Auth0 tokens.
JWKS => it works
OIDC Discovery => I am not able to setup. I have tried a lot of different configuration and here is the error:

vault write auth/jwt/config \
    oidc_discovery_url="https://MYDOMAIN.eu.auth0.com/" \
    oidc_client_id=$AUTH0_CLIENT_ID \
    oidc_client_secret=$AUTH0_CLIENT_SECRET \
    bound_issuer="https://MYDOMAIN.eu.auth0.com/"

The returned error is:

hvac.exceptions.InvalidRequest: error configuring token validator: unsupported config type, on post http://localhost:8200/v1/auth/jwt/login

I don’t understand what I am missing on this configuration compared with the 2 others.

Please also note that OIDC Auth is working with that Auth0 application.

Thanks for your help.

Xavier

shohei · March 29, 2022, 4:24am

This was answered in JWT/OIDC Token Verification · Issue #200 · hashicorp/vault-plugin-auth-jwt · GitHub as well

xkobal · March 29, 2022, 7:24am

I confirm it works with the answer on this issue.

Topic		Replies	Views
Jwt authentication Vault	2	1193	November 3, 2021
Put Error 400 for auth/jwt/config (jwt enabled) Vault	1	144	February 11, 2024
Error verifying token: oidc: malformed jwt Vault	1	3611	November 25, 2020
Failing to create a policy using JWT claims Vault	1	883	December 5, 2021
Oidc json pointer not working for a custom claim where the key is a url Vault	2	581	September 28, 2020

JWT/OIDC Token Verification

Related topics