Trek_CN/server
Julien G. 7798d2a3fd
fix(oidc): normalize id_token iss claim before issuer comparison (#837)
jwt.verify does an exact string match on the issuer. Providers like
Authentik include a trailing slash in the id_token iss claim while the
configured issuer is already normalized (no trailing slash), causing
every login attempt to fail with jwt issuer invalid.

Move the issuer check out of jwt.verify options and apply the same
trailing-slash normalization used in the discovery doc validation.
Also adds OIDC-SVC-033–036 unit tests covering exact match, trailing
slash, wrong issuer, and wrong audience cases.

Closes #834
2026-04-22 22:16:33 +02:00
..
assets refactor: move airports.json out of server/data into server/assets 2026-04-18 02:02:09 +02:00
public chore(CRLF): normalize index.html line endings to LF 2026-04-05 04:35:17 +02:00
scripts docs: add full wiki with 74 pages, assets, and CI workflow 2026-04-20 10:11:53 +02:00
src fix(oidc): normalize id_token iss claim before issuer comparison (#837) 2026-04-22 22:16:33 +02:00
tests fix(oidc): normalize id_token iss claim before issuer comparison (#837) 2026-04-22 22:16:33 +02:00
.env.example feat(login): add language dropdown, browser auto-detection and configurable default 2026-04-12 20:03:57 -03:00
package-lock.json chore: bump version to 3.0.2 [skip ci] 2026-04-22 19:25:28 +00:00
package.json chore: bump version to 3.0.2 [skip ci] 2026-04-22 19:25:28 +00:00
reset-admin.js Stabilize core: better-sqlite3, versioned migrations, graceful shutdown 2026-03-22 17:52:24 +01:00
tsconfig.json some fixes 2026-03-30 06:59:24 +02:00
vitest.config.ts refactor(mcp): replace direct DB access with service layer calls 2026-04-04 18:12:53 +02:00