Next Auth `iss` claim missing
Hi, I'm not sure whether to ask this in Next Auth/Auth.js server or here, but I assume here because the same Next Auth config works for other OIDC providers without modification.
When attempting to sign in with Better Auth + OIDC plugin, I receive this error from Next Auth:
OperationProcessingError: JWT "iss" (issuer) claim missing. Attached screenshot of supported claims from well-known endpoint on BA side, as you can see iss is listed, which makes me think BA is not the problem. Any ideas? If this is a Next Auth error after all, I'm confused why it works for other OIDC providers
EDIT: also asked in Auth.js server and linked back here: https://discord.com/channels/1200116961590399008/1354958631476531220/1354958631476531220
4 Replies
Here are the claims that come back to the client (notice these are most of the standard scope claims, just missing
iss):
Maybe this is a clue? This is logged prior to the aforementioned error. State parameter is missing
issuer from OIDC OP and OIDC RP config match
I got it! Fixed by adding this to
oidcProvider config: