Thank you for your reply.
Yes, the certificate used is the default_ssl certificate.
Yes we re-created the msso_config.json file, and re-compiled the mobile app with the new msso_config.json file.
But, as we observed, to validate the id_token the SDK doesn't use the certificate in the msso_config file.
It uses the JSON Web Key Set (JWKS, available on [server host]/openid/connect/jwks.json).
But it seems that the app caches the result for a while.
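The behaviour discussed in this thread, as an added example that is not code from the original post or from the MAG SDK: a client resolves the id_token signing key from the JWKS by the token's kid and caches the document, so when the key behind an already-cached kid is replaced the client keeps verifying against the stale key and fails, while a token carrying a kid the cache has never seen forces a re-fetch and verifies. To run with only the Python standard library it uses symmetric "oct" JWKs and HS256; a real MAG JWKS carries RSA public keys and the id_token is RS256, but the cache-by-kid logic is identical. Key ids, secrets, issuer and the fake gateway are constructed for the example. Never publish "oct" keys on a real JWKS endpoint, they are secrets.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class JwksCache:
    """Caches a JWKS document and resolves signing keys by kid.

    A kid that is not in the cached set triggers one re-fetch before the
    lookup fails. A kid that IS cached is served from the cache until the
    TTL expires, even if the server has since changed the key behind it.
    """

    def __init__(self, fetch_jwks, ttl_seconds=3600, clock=time.time):
        self._fetch = fetch_jwks      # callable returning the parsed JWKS document
        self._ttl = ttl_seconds
        self._clock = clock
        self._keys = {}
        self._fetched_at = None
        self.fetch_count = 0          # how often the JWKS endpoint was actually hit

    def _refresh(self):
        document = self._fetch()
        self._keys = {k["kid"]: k for k in document["keys"] if "kid" in k}
        self._fetched_at = self._clock()
        self.fetch_count += 1

    def get_key(self, kid):
        expired = self._fetched_at is None or self._clock() - self._fetched_at >= self._ttl
        if expired or kid not in self._keys:
            self._refresh()
        try:
            return self._keys[kid]
        except KeyError:
            raise KeyError(f"no key with kid={kid!r} in JWKS") from None


def sign_token(payload: dict, kid: str, secret: bytes) -> str:
    """HS256 JWT signing (stand-in for the gateway's RS256 signing)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = b64url_encode(json.dumps(header).encode()) + "." + \
        b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token: str, cache: JwksCache) -> dict:
    """Verify an id_token against the key the cache returns for its kid."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":               # pin the algorithm, never trust the header
        raise ValueError("unexpected alg " + repr(header.get("alg")))
    jwk = cache.get_key(header["kid"])
    expected = hmac.new(b64url_decode(jwk["k"]),
                        f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("id_token signature does not verify with key " + repr(header["kid"]))
    return json.loads(b64url_decode(payload_b64))


class FakeGateway:
    """Constructed stand-in for the MAG and its /openid/connect/jwks.json."""

    def __init__(self, kid, secret):
        self.kid, self.secret = kid, secret

    def jwks(self):
        return {"keys": [{"kty": "oct", "kid": self.kid, "k": b64url_encode(self.secret)}]}

    def issue_id_token(self, sub):
        return sign_token({"sub": sub, "iss": "https://mag.example"}, self.kid, self.secret)


def run_rotation_scenario():
    gateway = FakeGateway("cert-2019", b"old-signing-secret-0123456789")   # constructed kid/secret
    cache = JwksCache(gateway.jwks, ttl_seconds=3600)
    results = {}

    # 1. Before rotation: the first login fetches the JWKS and verifies.
    results["before"] = verify_token(gateway.issue_id_token("alice"), cache)["sub"]

    # 2. Key replaced but kid kept: the cached key for that kid is reused,
    #    nothing tells the client to re-fetch, and verification fails.
    gateway.secret = b"new-signing-secret-9876543210"
    try:
        verify_token(gateway.issue_id_token("alice"), cache)
        results["same_kid"] = "verified"
    except ValueError:
        results["same_kid"] = "rejected"

    # 3. New kid as well: cache miss -> re-fetch -> verifies with the new key.
    gateway.kid = "cert-2020"
    results["new_kid"] = verify_token(gateway.issue_id_token("alice"), cache)["sub"]
    results["fetches"] = cache.fetch_count
    return results


if __name__ == "__main__":
    print(run_rotation_scenario())
```

Step 2 is the situation described in the thread (certificate replaced, kid unchanged, old installations still holding the cached key), step 3 is the workaround of forcing a new kid. A client whose cache also refreshes on a signature failure for a known kid, or whose TTL has expired, would recover in step 2 as well.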
Original Message:
Sent: 03-08-2020 05:59 PM
From: Zhijun He
Subject: Error validating idtoken after mag ssl certificate update
Not very sure, but I believe the certificate to sign the JWT is the default ssl certificate, and it should be stored in msso_config.json.
Have you re-created the msso_config.json file, and re-compiled the mobile app with the new msso_config.json file?
Regards,
Mark
Original Message:
Sent: 03-06-2020 01:51 PM
From: Eduardo Oliveira
Subject: Error validating idtoken after mag ssl certificate update
We updated the MAG ssl certificate, and after that, the apps are getting an error. New installations work fine but old installations do not.
The error is on the User.Login; as we investigated, the error is in the validation of the id_token returned by the mobile api gateway.
It looks like the SDK is trying to validate the id_token jwt using the old certificate. (Looks like it caches it somehow)
We made some policy changes to the gateway to force the id_token jwt to be generated with a new kid, so that it didn't have it in the cache and would force the call to JWKS.
This worked for android but not for ios.