Julien G. 7798d2a3fd fix(oidc): normalize id_token iss claim before issuer comparison (#837) ...

jwt.verify does an exact string match on the issuer. Providers like
Authentik include a trailing slash in the id_token iss claim while the
configured issuer is already normalized (no trailing slash), causing
every login attempt to fail with jwt issuer invalid.

Move the issuer check out of jwt.verify options and apply the same
trailing-slash normalization used in the discovery doc validation.
Also adds OIDC-SVC-033–036 unit tests covering exact match, trailing
slash, wrong issuer, and wrong audience cases.

Closes #834

2026-04-22 22:16:33 +02:00

..

assets

refactor: move airports.json out of server/data into server/assets

2026-04-18 02:02:09 +02:00

public

chore(CRLF): normalize index.html line endings to LF

2026-04-05 04:35:17 +02:00

scripts

docs: add full wiki with 74 pages, assets, and CI workflow

2026-04-20 10:11:53 +02:00

src

fix(oidc): normalize id_token iss claim before issuer comparison (#837)

2026-04-22 22:16:33 +02:00

tests

fix(oidc): normalize id_token iss claim before issuer comparison (#837)

2026-04-22 22:16:33 +02:00

.env.example

feat(login): add language dropdown, browser auto-detection and configurable default

2026-04-12 20:03:57 -03:00

package-lock.json

chore: bump version to 3.0.2 [skip ci]

2026-04-22 19:25:28 +00:00

package.json

chore: bump version to 3.0.2 [skip ci]

2026-04-22 19:25:28 +00:00

reset-admin.js

Stabilize core: better-sqlite3, versioned migrations, graceful shutdown

2026-03-22 17:52:24 +01:00

tsconfig.json

some fixes

2026-03-30 06:59:24 +02:00

vitest.config.ts

refactor(mcp): replace direct DB access with service layer calls

2026-04-04 18:12:53 +02:00