JWT/OIDC Token Verification

Hi,

I m trying to setup JWT Verification with JWT Token validation on my Vault Server.
My OIDC provider is Auth0.
I have read plenty of documentation and see that there is 3 ways of doing this:

  • Static Keys => it works but I don’t want to create others JWT Tokens, I want to validate the Auth0 tokens.
  • JWKS => it works
  • OIDC Discovery => I am not able to setup. I have tried a lot of different configuration and here is the error:
vault write auth/jwt/config \
    oidc_discovery_url="https://MYDOMAIN.eu.auth0.com/" \
    oidc_client_id=$AUTH0_CLIENT_ID \
    oidc_client_secret=$AUTH0_CLIENT_SECRET \
    bound_issuer="https://MYDOMAIN.eu.auth0.com/"

The returned error is:

hvac.exceptions.InvalidRequest: error configuring token validator: unsupported config type, on post http://localhost:8200/v1/auth/jwt/login

I don’t understand what I am missing on this configuration compared with the 2 others.

Please also note that OIDC Auth is working with that Auth0 application.

Thanks for your help.

Xavier

This was answered in JWT/OIDC Token Verification · Issue #200 · hashicorp/vault-plugin-auth-jwt · GitHub as well

1 Like

I confirm it works with the answer on this issue.