Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2025-01-06 20:40:08 -05:00
Code Issues Activity
logto/.changeset/serious-geese-admire.md

13 lines
828 B
Markdown
Raw Normal View History

fix(core): fix azure oidc sso connector authorization error (#5912) * fix(core): fix azure oidc sso connector authorization error fix azure oidc sso connector authorization error * chore: add changeset add changeset * chore: update changeset update changeset * fix(core): dynamicly verify multi-tenant azure oidc issuer dynamicly verify multi-tenant azure oidc issuer
2024-05-29 00:30:56 -05:00
---
"@logto/core": patch
---
fix Microsoft EntraID OIDC SSO connector invalid authorization code response bug
- For public organizations access EntraID OIDC applications, the token endpoint returns `expires_in` value type in number.
- For private organization access only applications, the token endpoint returns `expires_in` value type in string.
- Expected `expires_in` value type is number. (See [v2-oauth2-auth-code-flow](https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow#successful-response-2) for reference)
String type `expires_in` value is not supported by the current Microsoft EntraID OIDC connector, a invalid authorization response error will be thrown.
Update the token response guard to handle both number and string type `expires_in` value. Make the SSO connector more robust.
Reference in a new issue Copy permalink