phpopenid-connectopenid

OpenID Connect Unable to verify JWT claims


i have issue while implementing Jumbojett OpenID Authentication. This is my code

$oidc = new OpenIDConnectClient(
                $this->config->item('SSO_PROVIDER_URL'),
                $this->config->item('SSO_CLIENT_ID'),
                $this->config->item('SSO_CLIENT_SECRET')
            );
$oidc->setVerifyHost(false);    //dev only
$oidc->setVerifyPeer(false);    //dev only
$oidc->setHttpUpgradeInsecureRequests(false);   //dev only
$isAuthenticate = $oidc->authenticate();

The provider url in the config.php file doesn't have trailing slash.. It looks like this (redacted with *)

$config['SSO_PROVIDER_URL'] = 'https://auth.****.**.id/auth/realms/***ura-**st';
$config['SSO_CLIENT_ID'] = '***ola-****';
$config['SSO_CLIENT_SECRET'] = '********************************';

That code actually works in my local pc, but somehow when i deploy it on the server it keeps throwing me this error

An uncaught Exception was encountered Type: Jumbojett\OpenIDConnectClientException Message: Unable to verify JWT claims Filename: /var/www/html/vendor/jumbojett/openid-connect-php/src/OpenIDConnectClient.php Line Number: 373 Backtrace: File: /var/www/html/application/controllers/Welcome.php Line: 56 Function: authenticate File: /var/www/html/index.php Line: 315 Function: require_once

Please help me, what is wrong?


Solution

  • Apparently the JWT claims fail to be verified is because $claims->exp and the server time time() on the verifyJWTClaims function in OpenIDConnectClient.php differs way past 5 minutes (the expiration time). Because my server is centos 9, I synchronize the server time using chronyd and it works now.