Skip to content

Fix IS Token Validation issues with AsgardeoV2 (Thunder) #342

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
brionmario merged 3 commits into from
Jan 29, 2026
Merged

Fix IS Token Validation issues with AsgardeoV2 (Thunder) #342

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
db7831d
Update I18nMetadata to allow string type for direction property
brionmario Jan 29, 2026
d12bf46
Add support for AsgardeoV2 platform in AuthenticationHelper to comply…
brionmario Jan 29, 2026
ff86e3b
Add changeset 🦋
brionmario Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .changeset/cool-crews-press.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
'@asgardeo/javascript': patch
'@asgardeo/i18n': patch
---

Add support for AsgardeoV2 platform in AuthenticationHelper to comply with RFC 8414
2 changes: 1 addition & 1 deletion packages/i18n/src/models/i18n.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ export interface I18nMetadata {
countryCode: string;
languageCode: string;
displayName: string;
direction: I18nTextDirection;
direction: I18nTextDirection | string;
}

export interface I18nBundle {
Expand Down
15 changes: 15 additions & 0 deletions packages/javascript/src/__legacy__/helpers/authentication-helper.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,10 @@ import OIDCDiscoveryConstants from '../../constants/OIDCDiscoveryConstants';
import TokenExchangeConstants from '../../constants/TokenExchangeConstants';
import {AsgardeoAuthException} from '../../errors/exception';
import {IsomorphicCrypto} from '../../IsomorphicCrypto';
import {Config} from '../../models/config';
import {JWKInterface} from '../../models/crypto';
import {OIDCDiscoveryEndpointsApiResponse, OIDCDiscoveryApiResponse} from '../../models/oidc-discovery';
import {Platform} from '../../models/platforms';
import {SessionData} from '../../models/session';
import {IdToken, TokenResponse, AccessTokenApiResponse} from '../../models/token';
import {User} from '../../models/user';
Expand Down Expand Up @@ -145,6 +147,19 @@ export class AuthenticationHelper<T> {
.USERINFO]: `${baseUrl}${OIDCDiscoveryConstants.Endpoints.USERINFO}`,
};

// For AsgardeoV2 (Thunder), the issuer must be the base URL (e.g., https://localhost:8090)
// to comply with RFC 8414 (Section 2 & 3) and OpenID Connect Discovery specs.
// The issuer should be a URL using "https" scheme with no query or fragment components.
// The well-known metadata endpoint is derived by inserting "/.well-known/oauth-authorization-server"
// between the host and path components of the issuer identifier.
// Reference: https://datatracker.ietf.org/doc/html/rfc8414#section-2
// Trackers:
// - https://github.com/asgardeo/thunder/issues/815
// - https://github.com/asgardeo/javascript/issues/322
if ((configData as Config).platform === Platform.AsgardeoV2) {
defaultEndpoints[OIDCDiscoveryConstants.Storage.StorageKeys.Endpoints.ISSUER] = `${baseUrl}`;
}

return {...defaultEndpoints, ...oidcProviderMetaData};
}

Expand Down
Loading