Unable to verify JWT claims in /var/www/html/mw/vendor/jumbojett/openid-connect-php/OpenIDConnectClient.php:281 about openid-connect-php HOT 5 CLOSED

/var/www/html/mw/vendor/jumbojett/openid-connect-php/OpenIDConnectClient.php:281

@Ralle75 This is a security check. Set your debugger here and find out what doesn't match and correct the settings.

from openid-connect-php.

sorry but what do you mean with set you debugger here?
can I output this value? if yes which value is this?

from openid-connect-php.

@Ralle75 If you have a PHP env with a debugger, set a breakpoint here and examine the conditions. https://github.com/jumbojett/OpenID-Connect-PHP/blob/master/src/OpenIDConnectClient.php#L747

Alternatively, you could alter the code to help troubleshoot.

/* Begin Debug */
print_r($claims);
if (!($claims->iss == $this->getProviderURL()) print "check 1 failing";
// etc...
/* End Debug */
        return (($claims->iss == $this->getProviderURL())
            && (($claims->aud == $this->clientID) || (in_array($this->clientID, $claims->aud)))
            && ($claims->nonce == $this->getNonce())
            && ( !isset($claims->exp) || $claims->exp >= time())
            && ( !isset($claims->nbf) || $claims->nbf <= time())
            && ( !isset($claims->at_hash) || $claims->at_hash == $expecte_at_hash )

Make sense?

from openid-connect-php.

there is a difference between iss (https://server_fqdn:443/oauth2/token) and ProviderURL (https://server_fqdn:443/oauth2/oidcdiscovery)

from openid-connect-php.

I am using an old(er) library version of somewhere after v0.3 but before 1 oct 2017.
Had the same problem on my dev PC (Windows 10 with WAMP), although it worked on my production server (Linux/Nginx).
This line failed on me in OpenIDConnectClient.php:
( !isset($claims->nbf) || $claims->nbf <= time())

I "fixed" it by adding 2:
( !isset($claims->nbf) || $claims->nbf <= time()+2)

Sometimes the timing was off by 1 sec, sometimes 2 sec. Could this be because the time on my identity server is 1-2 sec off with my local dev PC?

Looks like @ahamilton9 had the same problem: #44 (comment)

Update:
I see this is fixed in v0.6 https://github.com/jumbojett/OpenID-Connect-PHP/releases/tag/0.6.0:

Added
    Added five minutes leeway due to clock skew between openidconnect server and client.

from openid-connect-php.