I have an issue while implementing Jumbojett OpenID authentication. This is my code:
$oidc = new OpenIDConnectClient(
$this->config->item('SSO_PROVIDER_URL'),
$this->config->item('SSO_CLIENT_ID'),
$this->config->item('SSO_CLIENT_SECRET')
);
$oidc->setVerifyHost(false); //dev only
$oidc->setVerifyPeer(false); //dev only
$oidc->setHttpUpgradeInsecureRequests(false); //dev only
$isAuthenticate = $oidc->authenticate();
The provider URL in the config.php file doesn't have a trailing slash. It looks like this (redacted with *):
$config['SSO_PROVIDER_URL'] = 'https://auth.****.**.id/auth/realms/***ura-**st';
$config['SSO_CLIENT_ID'] = '***ola-****';
$config['SSO_CLIENT_SECRET'] = '********************************';
That code actually works on my local PC, but somehow when I deploy it on the server it keeps throwing me this error:
An uncaught Exception was encountered
Type: Jumbojett\OpenIDConnectClientException
Message: Unable to verify JWT claims
Filename: /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php
Line Number: 373
Backtrace:
File: /var/www/html/application/controllers/Welcome.php
Line: 56
Function: authenticate
File: /var/www/html/index.php
Line: 315
Function: require_once
Please help me, what is wrong?
Apparently the JWT claims fail to be verified because $claims->exp and the server time time() in the verifyJWTClaims function in OpenIDConnectClient.php differ by way more than 5 minutes (the expiration time).
Because my server is CentOS 9, I synchronized the server time using chronyd, and it works now.
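A diagnostic for the clock problem described in the answer above, as an added example that is not part of the original post and not code from jumbojett/openid-connect-php: it decodes a token's payload without verifying the signature (for diagnosis only, never for an authentication decision) and compares the time claims with a clock reading. The function names, the 300-second leeway default (mirroring the 5 minutes mentioned above) and the sample token are assumptions constructed for illustration.

```php
<?php
/** Decode the payload (second segment) of a compact JWT. No signature check. */
function jwt_payload(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('not a compact JWT');
    }
    // base64url -> base64, then restore the stripped padding
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    $claims = json_decode($json === false ? '' : $json, true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('payload is not a JSON object');
    }
    return $claims;
}

/** Compare the token's time claims with a clock reading ($now, Unix seconds). */
function time_claim_report(array $claims, int $now, int $leeway = 300): array
{
    $report = [];
    if (isset($claims['iat'])) {
        // A freshly issued token has iat close to now; a large gap means drift.
        $report['seconds_since_iat'] = $now - (int) $claims['iat'];
    }
    if (isset($claims['exp'])) {
        $report['expired'] = (int) $claims['exp'] < $now - $leeway;
    }
    if (isset($claims['nbf'])) {
        $report['not_yet_valid'] = (int) $claims['nbf'] > $now + $leeway;
    }
    return $report;
}

// Constructed sample token: issued at 1700000000, valid for 300 seconds.
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$token = $b64url('{"alg":"none"}') . '.'
    . $b64url(json_encode(['iat' => 1700000000, 'exp' => 1700000300])) . '.sig';

$claims = jwt_payload($token);
print_r(time_claim_report($claims, 1700000010)); // server clock in sync
print_r(time_claim_report($claims, 1700000900)); // server clock 15 minutes fast
```

On a real server, pass `time()` as `$now` right after login; a `seconds_since_iat` value far from zero for a token that was just issued points at the server clock rather than at the provider configuration.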