fix: include the jwk key id in the jwt for validation (#1983)

This is so the sig key used to sign the JWT can be verified using the JWKS endpoint. Fixes #1979
2021-05-07 11:59:39 +10:00 · 2021-05-07 11:59:39 +10:00 · c0ac8bf5ad
parent 544373de17
commit c0ac8bf5ad
1 changed files with 4 additions and 1 deletions
--- a/internal/handlers/oidc.go
+++ b/internal/handlers/oidc.go
@ -100,7 +100,10 @@ func newDefaultOIDCSession(ctx *middlewares.AutheliaCtx) (session *openid.Defaul
 			Extra:       make(map[string]interface{}),
 		},
 		Headers: &jwt.Headers{
-			Extra: make(map[string]interface{}),
+			Extra: map[string]interface{}{
+				// TODO: Obtain this from the active keys when we implement key rotation.
+				"kid": "main-key",
+			},
 		},
 	}, err
 }