From c0ac8bf5ad1472032f5e37338ca77570116a7b89 Mon Sep 17 00:00:00 2001
From: James Elliott <james-d-elliott@users.noreply.github.com>
Date: Fri, 7 May 2021 11:59:39 +1000
Subject: [PATCH] fix: include the jwk key id in the jwt for validation (#1983)

This is so the sig key used to sign the JWT can be verified using the JWKS endpoint.

Fixes #1979
---
 internal/handlers/oidc.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/internal/handlers/oidc.go b/internal/handlers/oidc.go
index 7c6509391..9501512d7 100644
--- a/internal/handlers/oidc.go
+++ b/internal/handlers/oidc.go
@@ -100,7 +100,10 @@ func newDefaultOIDCSession(ctx *middlewares.AutheliaCtx) (session *openid.Defaul
 			Extra:       make(map[string]interface{}),
 		},
 		Headers: &jwt.Headers{
-			Extra: make(map[string]interface{}),
+			Extra: map[string]interface{}{
+				// TODO: Obtain this from the active keys when we implement key rotation.
+				"kid": "main-key",
+			},
 		},
 	}, err
 }