Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] email_verified Field Returned as String Causes Unmarshal Error in v0.24.0-beta.1 #2293

Closed
4 tasks done
mitchellkellett opened this issue Dec 14, 2024 · 0 comments · Fixed by #2297
Closed
4 tasks done

[Bug] email_verified Field Returned as String Causes Unmarshal Error in v0.24.0-beta.1 #2293

mitchellkellett opened this issue Dec 14, 2024 · 0 comments · Fixed by #2297
Labels
bug Something isn't working OIDC OpenID Connect related issues
Milestone
v0.24.0

Comments

@mitchellkellett
Copy link

Is this a support request?

  • This is not a support request

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When running v0.24.0-beta.1, my IdP (JumpCloud) returns the email_verified field as a string instead of a boolean. This results in a decoding error when attempting to log in.

Error Message
failed to decode ID token claims: json: cannot unmarshal string into Go struct field OIDCClaims.email_verified of type bool

Expected Behavior

The application should handle email_verified as either a string ("true"/"false") or a boolean (true/false) to accommodate differences in IdP implementations.

Steps To Reproduce

  1. Configure JumpCloud as the IdP.
  2. Attempt to log in using v0.24.0-beta.1.
  3. Observe the error during the ID token decoding step.

Environment

- OS: Docker
- Headscale version: v0.24.0-beta.1
- Tailscale version: 1.78.1

Runtime environment

  • Headscale is behind a (reverse) proxy
  • Headscale runs in a container

Anything else?

JumpCloud JWT Decoded

{
  "at_hash": "dHPX6DeNSz-JmC6BCKrN-w",
  "aud": [
    "887f0974-fa68-426a-a634-995f2e6f0e6a"
  ],
  "auth_time": 1734209441,
  "email": "[email protected]",
  "email_verified": "true",
  "exp": 1734213044,
  "family_name": "K",
  "given_name": "Mitchell",
  "groups": [
    "Headscale-Users"
  ],
  "iat": 1734209444,
  "iss": "https://oauth.id.jumpcloud.com/",
  "jc_org": "z6l26ev8ckkf1bhj",
  "jti": "9c5ef43c-efde-4836-a6d1-17ca6aff98db",
  "middle_name": "",
  "name": "Mitchell",
  "preferred_username": "mitchell",
  "rat": 1734209416,
  "sid": "84db2a08-254b-42f7-a701-4ff73e6a1e6d",
  "sub": "at8zv29er4btuzih"
}
@mitchellkellett mitchellkellett added the bug Something isn't working label Dec 14, 2024
@kradalby kradalby added the OIDC OpenID Connect related issues label Dec 15, 2024
@kradalby kradalby added this to the v0.24.0 milestone Dec 15, 2024
kradalby added a commit to kradalby/headscale that referenced this issue Dec 15, 2024
@kradalby
fix issue where some oidc claim bools are sent as string
f541003 
Jumpcloud send invalid json, so we need to handle it.

Fixes juanfont#2293

Signed-off-by: Kristoffer Dalby <[email protected]>
@kradalby kradalby mentioned this issue Dec 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working OIDC OpenID Connect related issues
Projects
None yet
Milestone
v0.24.0
Development

Successfully merging a pull request may close this issue.

fix issue where some oidc claim bools are sent as string kradalby/headscale
2 participants
@kradalby @mitchellkellett