Greetings to all.
We deployed the Temporal service using the official Helm Chart.
Our company uses SSO based on the Authentik service.
In Values, I pass the following parameters:
additionalEnv:
  - name: TEMPORAL_AUTH_LABEL
    value: sso
  - name: TEMPORAL_AUTH_TYPE
    value: oidc
  - name: TEMPORAL_AUTH_ENABLED
    value: "true"
  - name: TEMPORAL_AUTH_PROVIDER_URL
    value: my_provider/application/o/temporal-test
  - name: TEMPORAL_AUTH_ISSUER_URL
    value: my_issuer/application/o/temporal-test/
  - name: TEMPORAL_AUTH_CLIENT_ID
    value: example
  - name: TEMPORAL_AUTH_CLIENT_SECRET
    value: example
  - name: TEMPORAL_AUTH_CALLBACK_URL
    value: "https://temporal-ui-test.example.com/auth/sso/callback"
  - name: TEMPORAL_AUTH_SCOPES
    value: "profile email openid"
When connecting to the web interface, I see a Login page with the button “Continue to SSO.”
When clicking it, I am redirected to Authentik as expected.
But after authorization, when returning to the Callback page
I get the following error:
{"message":"Unable to verify ID Token: oidc: malformed jwt: square/go-jose: compact JWS format must have three parts"}
I don’t see error logs on the Authentik side and don’t know where to look for the issue.
Please advise what I might be doing wrong.
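
A diagnostic for the error quoted in the post, as an added example that is not part of the original post and not Temporal or Authentik code: it inspects the `id_token` field of an OIDC token endpoint response and reports whether it is a three-part compact JWS (what the verifier in the error message expects), a five-part compact JWE, or missing/opaque. The function names and the sample tokens are constructed for illustration.

```python
import base64
import json


def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def classify_id_token(token_response: dict) -> dict:
    """Describe the shape of id_token in a token endpoint JSON response."""
    token = token_response.get("id_token")
    if not isinstance(token, str) or not token:
        return {"kind": "missing", "parts": 0, "header": None}
    parts = token.split(".")
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        header = None
    if not isinstance(header, dict):
        header = None
    # Compact JWS: header.payload.signature (3 parts).
    # Compact JWE: header.key.iv.ciphertext.tag (5 parts).
    kind = {3: "jws", 5: "jwe"}.get(len(parts), "opaque")
    return {"kind": kind, "parts": len(parts), "header": header}


def _seg(obj: dict) -> str:
    # Helper used only to build the constructed samples below.
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample tokens (placeholder signature/ciphertext, not real tokens).
SIGNED = ".".join([
    _seg({"alg": "RS256", "typ": "JWT"}),
    _seg({"iss": "https://idp.example/application/o/temporal-test/",
          "aud": "example"}),
    "c2ln",
])
ENCRYPTED = ".".join([
    _seg({"alg": "RSA-OAEP-256", "enc": "A256GCM"}),
    "a2V5", "aXY", "Y3Q", "dGFn",
])

if __name__ == "__main__":
    for name, resp in [("signed", {"id_token": SIGNED}),
                       ("encrypted", {"id_token": ENCRYPTED}),
                       ("no id_token", {"access_token": "abc"})]:
        print(name, classify_id_token(resp))
```

A `jwe` result means the ID token is encrypted rather than only signed, and a `missing` result means the token response carried no `id_token` at all; a verifier that accepts only compact JWS rejects both.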