OIDC Aud contains multiple values not just one #5190

Closed
opened 2026-02-05 09:47:15 +03:00 by OVERLORD · 1 comment
Owner

Originally created by @benni347 on GitHub (Feb 21, 2025).

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

I tried to add OIDC to my BookStack instance. The SSO service is self-hosted Zitadel, with multiple organizations. Because of that, the user has multiple aud entries in the aud key, via JWT.
I activated the SSO dump feature; this is the output:

{
  "iss": "https://sso.my.domain",
  "sub": "264809623519887363",
  "aud": [
    "283445348708450307",
    "269086577370660867@project",
    "306939337713451011",
    "308117379076915203",
    "269084476393390083"
  ],
  "exp": 1740192028,
  "iat": 1740148828,
  "auth_time": 1740148228,
  "amr": [
    "user",
    "mfa"
  ],
  "azp": "308117379076915203",
  "client_id": "308117379076915203",
  "at_hash": "at_hash",
  "sid": "V1_307981558940172291",
  "name": "FULL NAME",
  "given_name": "GIVEN NAME",
  "family_name": "FAMILY NAME",
  "locale": "en",
  "updated_at": 1714334837,
  "preferred_username": "USERNAME",
  "email": "email@my.domain",
  "email_verified": true
}

The error I am getting is:

ID token validation failed with error: Token audience value has 5 values, Expected 1 

Exact BookStack Version

v24.12.1

Log Content

No response

Hosting Environment

Docker Compose with the linuxserver.io images.

OVERLORD added the 🐕 Support label 2026-02-05 09:47:15 +03:00
Author
Owner

@ssddanbrown commented on GitHub (Feb 21, 2025):

Hi @benni347,
This is a known complication with Zitadel.

Please see my second example in my comment here: https://github.com/BookStackApp/BookStack/issues/4200#issuecomment-1526681299
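This can be used via the logical theme system (https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md#getting-started) to reformat the multiple aud values to just one of the expected values.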

Some other prior relevant threads: #4147, #4682
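
Added example, not part of the original thread and not BookStack's or the maintainer's code: a Python sketch of the audience checks OpenID Connect Core (section 3.1.3.7) asks of a client when aud is a list, applied to the claims dumped above before collapsing aud to a single value. The function names and the TRUSTED_EXTRA set are assumptions made for illustration.

```python
# Added example. Claims are copied from the dump in the issue above.
CLIENT_ID = "308117379076915203"
DUMPED_CLAIMS = {
    "iss": "https://sso.my.domain",
    "aud": ["283445348708450307", "269086577370660867@project",
            "306939337713451011", "308117379076915203", "269084476393390083"],
    "azp": "308117379076915203",
}
# Assumption: the operator has confirmed these extra audiences belong to
# their own Zitadel projects/organizations.
TRUSTED_EXTRA = frozenset(a for a in DUMPED_CLAIMS["aud"] if a != CLIENT_ID)


class AudienceError(ValueError):
    pass


def audiences(claims):
    """Return aud as a list; the claim may be a string or a list of strings."""
    aud = claims.get("aud")
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        return aud
    raise AudienceError("aud claim missing or malformed")


def check_audience(claims, client_id, trusted_extra=frozenset()):
    """Raise AudienceError unless the token is meant for client_id."""
    aud = audiences(claims)
    if client_id not in aud:
        raise AudienceError("token was not issued for this client")
    untrusted = sorted(set(aud) - {client_id} - set(trusted_extra))
    if untrusted:
        raise AudienceError(f"untrusted additional audiences: {untrusted}")
    azp = claims.get("azp")
    if len(aud) > 1 and azp is None:
        raise AudienceError("multiple audiences but no azp claim")
    if azp is not None and azp != client_id:
        raise AudienceError("azp does not match this client")


def narrow_audience(claims, client_id, trusted_extra=frozenset()):
    """Collapse aud to the client ID, but only after the checks above pass."""
    check_audience(claims, client_id, trusted_extra)
    return {**claims, "aud": client_id}
```

Collapsing aud without these checks would let a token issued for a different client pass a single-value audience comparison, so the narrowing step is kept behind check_audience.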

Reference: starred/BookStack#5190