OIDC: where to store public key in vaultwarden?

[BackSpace54]

Hello,
i've setup an oidc auth with an internal Central Authentication Service but got errors at signature verification step:

[vaultwarden::sso][ERROR] Could not read id_token claims, Signature verification failed
[INFO] (login) POST /identity/connect/token => 400 Bad Request

I've got the public key from oidc and checked the state of the token ("alg": "RS256") at https://jwt.io (pasted the token from vaultwarden console (SSO_DEBUG_TOKENS=true + LOG_LEVEL=debug) and the public key --> got signature verified mention)

My question is where to store the public key in vaultwarden instance and to what filename?
Best regards.

[BackSpace54]

Hi again,
after thinking about it, maybe to achieve this it's to get the public key from the generated rsa_key.pem file then get the JWK from public key (PEM to JWK) then provide the info to the JWKS of my internal CAS.
So the token is signed with the public key from the vaultwarden instance.
Is this right to do it this way?
Thanks.

[BackSpace54]

Hi,
problem solved by using a CAS v6+.

[CodeWithCJ]

Hi, problem solved by using a CAS v6+.

Could you tell me how to setup OIDC. Does it work with Bitwarden mobile app as well? I want to configure Cloudflare authentication but mobile app doesn't seem to work.