Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

/oauth2/token return id_token with malformed updated_at (scientific notation) #3850

Open
3 of 5 tasks
kghost opened this issue Sep 27, 2024 · 3 comments
Open
3 of 5 tasks
Labels
bug Something is not working.

Comments

@kghost
Copy link

kghost commented Sep 27, 2024

Preflight checklist

Ory Network Project

No response

Describe the bug

/oauth2/token returns a json with id_token, after base64 decoding, I got following json:

{
  "amr":["password"],
  "at_hash":"xxx",
  "aud":["xxx"],
  "auth_time":1727351026,
  "email":"xxx@example.com",
  "email_verified":true,
  "exp":1727473364,
  "iat":1727408564,
  "iss":"https://hydra.example.com/",
  "jti":"xxx",
  "preferred_username":"xxx",
  "rat":1727408564,
  "sid":"xxx",
  "sub":"xxx",
  "updated_at":1.705586667e+09
}

Everything is fine except that updated_at is in scientific notation.

And my application kratos returns an error:

json: cannot unmarshal number 1.705586667e+09 into Go struct field Claims.updated_at of type int64

Reproducing the bug

Environment:
Oauth2 Provider: Kratos(v1.2.0) + Hydra(v2.2.0) + UI(v0.14.1)
Application: Kratos(v1.2.0) + UI(v0.14.1)

I can confirm that /admin/oauth2/auth/requests/consent/accept endpoint got currect claims:

{
  "grant_scope":["openid","email","profile"],
  "grant_access_token_audience":[],
  "session":{
    "access_token":{},
    "id_token":{
      "email":"xxx@example.com",
      "email_verified":true,
      "preferred_username":"xxx",
      "updated_at":1705586667
    }
  }
}

I also checked the database, and confirms that hydra_oauth2_flow table contains correct session_id_token:

select requested_at, session_id_token from hydra_oauth2_flow where client_id = 'xxx' and subject = 'xxx' order by requested_at;
+---------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| requested_at        | session_id_token                                                                                                                  |
+---------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| 2024-09-27 03:53:32 | {"email": "xxx@example.com", "updated_at": 1705586667, "email_verified": true, "preferred_username": "xxx"}    |
+---------------------+-----------------------------------------------------------------------------------------------------------------------------------+

Relevant log output

No response

Relevant configuration

No response

Version

v2.2.0

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Kubernetes with Helm

Additional Context

No response

@kghost kghost added the bug Something is not working. label Sep 27, 2024
@aeneasr
Copy link
Member

aeneasr commented Oct 21, 2024

Thank you for the report - the problem is likely an incorrect JSON encoder somewhere deep down in fosite. If you have an idea where this could come from, we appreciate help in pinning down the issue!

@aeneasr
Copy link
Member

aeneasr commented Oct 21, 2024

Looks like this is fixed on master: #3819

@kghost
Copy link
Author

kghost commented Oct 23, 2024

Thanks @aeneasr I'll be glad to verify it when the fix is released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something is not working.
Projects
None yet
Development

No branches or pull requests

2 participants