Hello, using OIDC with Kratos to connect to Azure ...
# talk-kratos
m
Hello, using OIDC with Kratos to connect to Azure AD and getting this error on the OIDC callback from Azure AD.. any help on this would be highly appreciated..
"message": "file:///etc/config/oidc.microsoft.jsonnet:21:1 Expected , or ; but got end of file\n\n\n\n"
the jsonnet I’m using:
local claims = {
        role: 'user'
      } + local claims = std.extVar('claims');

      {
        identity: {
          traits: {
            // Allowing unverified email addresses enables account
            // enumeration attacks, especially if the value is used for
            // e.g. verification or as a password login identifier.
            //
            // If connecting only to your organization (one tenant), claims.email is safe to use if you have not actively disabled e-mail verification during signup.
            //
            // The email might be empty if the account is not linked to an email address.
            // For a human readable identifier, consider using the "preferred_username" claim.
            [if "email" in claims then "email" else null]: claims.email,
            role: claims.role
          }
        }
      }
adding `;` at the end of the file as suggested by the error simply changes the error to
"message": "file:///etc/config/oidc.microsoft.jsonnet:21:1 Unexpected end of file\n\n\n\n"
I think I found the root cause.. installing the `Jsonnet` extension in `vscode` was very helpful.. had to change the content this way:
local claims = {
        role: 'user'
      } + std.extVar('claims');

      {
        identity: {
          traits: {
            // Allowing unverified email addresses enables account
            // enumeration attacks, especially if the value is used for
            // e.g. verification or as a password login identifier.
            //
            // If connecting only to your organization (one tenant), claims.email is safe to use if you have not actively disabled e-mail verification during signup.
            //
            // The email might be empty if the account is not linked to an email address.
            // For a human readable identifier, consider using the "preferred_username" claim.
            [if "email" in claims then "email" else null]: claims.email,
            role: claims.role
          }
        }
      }
removing the extra `+ local claims =`