Jul 16 2020 07:50 AM - last edited on Jan 14 2022 04:30 PM by TechCommunityAP
Hi,
I've encountered a very strange issue and I don't know how this is happening. My setup is AWS Cognito as Authorization Server and AAD as IDP. Cognito is talking to AAD via the OIDC protocol. When a user authenticates successfully, AAD issues an ID token and redirects back to Cognito. However, this ID token is signed by a key that does not exist in the JWKS doc.
This is my JWKS doc https://login.microsoftonline.com/1d063515-6cad-4195-9486-ea65df456faa/discovery/v2.0/keys.
I decoded an ID token and found a different signing key.
{
"typ": "JWT",
"alg": "RS256",
"kid": "ylQQc6jLgNEIt8AMAPm8jR27QCE"
}
I also noticed that this issue only happens to ID tokens. Access tokens are signed by a matching key in the JWKS doc.
I tried signing in from all devices and shut my laptop for a few hours, but this issue still persists. I'm afraid my IT team can't help.
Does anyone know why this is happening?
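One way to narrow down a `kid` mismatch like the one described above, as an added example that is not part of the original post or of either product: decode the token's header and payload offline and compare its `kid` and `iss` against a keys document. The JWKS and the token below are constructed for the demonstration; a real check would load the tenant's keys document linked in the post instead.

```python
import base64
import json

# Constructed sample JWKS, shaped like an OIDC keys document but with a
# made-up kid, so the lookup below can be run offline.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "use": "sig", "kid": "CONSTRUCTED-KID-1", "n": "AQAB", "e": "AQAB"},
    ]
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(header: dict, payload: dict) -> str:
    """Build a constructed token for testing; the signature segment is a dummy."""
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)]
    return ".".join(parts + [b64url_encode(b"dummy-signature")])


def inspect_token(token: str, jwks: dict) -> dict:
    """Report which key the token claims it was signed with and whether the
    JWKS carries that kid. This does not verify the signature; it only tells
    you whether the keys document you fetched is the right one to verify with.
    The `iss` claim is returned so it can be compared with the tenant whose
    keys document was fetched (a token from a different issuer will never
    match that tenant's keys)."""
    header_b64, payload_b64, _sig = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    kid = header.get("kid")
    match = next((k for k in jwks.get("keys", []) if k.get("kid") == kid), None)
    return {
        "kid": kid,
        "alg": header.get("alg"),
        "iss": payload.get("iss"),
        "key_in_jwks": match is not None,
        "jwks_kids": [k.get("kid") for k in jwks.get("keys", [])],
    }


if __name__ == "__main__":
    # Header values from the post; the payload is constructed.
    tok = make_unsigned_jwt(
        {"typ": "JWT", "alg": "RS256", "kid": "ylQQc6jLgNEIt8AMAPm8jR27QCE"},
        {"iss": "https://login.microsoftonline.com/<tenant-id>/v2.0", "aud": "<cognito-client-id>"},
    )
    print(json.dumps(inspect_token(tok, SAMPLE_JWKS), indent=2))
```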