Add missing openid scope when requesting JWT token (#2089)
According to the Zitadel documentation, `openid` scope is required
when requesting JWT tokens.

Apparently Zitadel was accepting requests without it until very
recently. Now lack thereof causes 400 Bad Requests which makes it
impossible to authenticate to the Netbird dashboard.

https://zitadel.com/docs/guides/integrate/service-users/client-credentials#2-authenticating-a-service-user-and-request-a-token
glaeqen authored Jun 4, 2024
1 parent 9b34497 commit 4da2945
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion management/server/idp/zitadel.go
Expand Up @@ -154,7 +154,7 @@ func (zc *ZitadelCredentials) requestJWTToken() (*http.Response, error) {
data.Set("client_id", zc.clientConfig.ClientID)
data.Set("client_secret", zc.clientConfig.ClientSecret)
data.Set("grant_type", zc.clientConfig.GrantType)
data.Set("scope", "urn:zitadel:iam:org:project:id:zitadel:aud")
data.Set("scope", "openid urn:zitadel:iam:org:project:id:zitadel:aud")

payload := strings.NewReader(data.Encode())
req, err := http.NewRequest(http.MethodPost, zc.clientConfig.TokenEndpoint, payload)
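Review bot: The new scope value in the `data.Set("scope", ...)` call is an inline string literal with no comment, so the reason `openid` is required lives only in the commit message. Consider moving the value to a named constant next to `requestJWTToken()` with a short comment pointing at the Zitadel client-credentials documentation, so a later cleanup does not drop `openid` and bring back the 400 responses. It would also help to note there that the value is a space-separated list of two scopes, since the `urn:zitadel:...:aud` part already contains colons and the boundary between the two entries is easy to misread.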