OIDC with Azure not working

Till · August 7, 2025, 2:03pm

everestctl settings oidc configure \                             
    --issuer-url="https://login.microsoftonline.com/$TENANT/v2.0" \
    --client-id="$APP" \
    --scopes="openid,profile,email,$APP/.default"

I setup the application as an SPA with the correct redirect URL. I can “login”, but then then Everest stops with “internal error”.

I’ve inspected the logs:

{"level":"error","T":"2025-08-07T14:01:51Z","logger":"everest","caller":"session/manager.go:215","msg":"failed to shorten token: could not extract jti"}

I think by default the app is using the ID token, do I need access tokens? The docs are not clear on this. I’ve had this problem with 1.7.0 and also 1.8.0.

Till · August 8, 2025, 12:06pm

Posted on GitHub, was told it’s fixed by this: EVEREST-2210 Fix session blockList for MS Entra by maxkondr · Pull Request #1565 · percona/everest · GitHub

Topic		Replies	Views
OIDC Login ends in 401 (token signature is invalid) Percona Everest	8	155	October 8, 2024
OIDC login not working because of content security headers Percona Everest	1	72	June 3, 2025
Percona Everest 1.0.0 (GA) Released Percona Everest	3	159	July 25, 2024
Percona Cloud Tools - Google Broken login Percona Cloud Tools	5	1236	August 23, 2016
When is OpenID Connect Support Being Added? Percona Server for MongoDB percona	5	124	February 13, 2025

OIDC with Azure not working

Related topics