
I have activated Identity Aware Proxy on a GCP Load Balancer and configured it to authenticate the users against my OIDC Identity Provider (Auth0) through Google Identity Platform with a default login page hosted on Cloud Run.

When I browse my application I get redirected to the login page, but then this happens:

Failed to fetch the discovery document from issuer

although the document is available and publicly reachable at that URL:

Auth0 discovery document

I followed GCP documentation step by step and cannot find any troubleshooting guide. Any thoughts?

Thanks

  • The OpenID Connect Metadata Document is public information. There is no need to mask that information. By hiding that information, we cannot run tests for you. Oct 4, 2021 at 19:23
  • Hi John, I know it's public but I hope you appreciate I need to redact my Company's name. Oct 5, 2021 at 7:54

1 Answer


Ok, solved.

The problem was I had configured my Google Identity Platform OIDC Provider with the full metadata document URL

wrong URL

while only the issuer base URL was expected

right URL

Newbie mistake, I know, but the error message is misleading, IMO, because it reports the URL where the document actually is. If the returned message had been

Failed to fetch the discovery document from issuer: https://REDACTED.eu.auth0.com/.well-known/openid-configuration/.well-known/openid-configuration

the misconfiguration would have been immediately apparent.
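
The misconfiguration described in this answer can be checked before the provider settings are saved. The following is an added example, not part of the original answer and not Google's or Auth0's code: it follows the URL construction in OpenID Connect Discovery 1.0, and `idp.example.com`, `discovery_url` and `diagnose` are hypothetical names with a constructed sample document.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample metadata document; idp.example.com is a placeholder issuer.
SAMPLE_DOCUMENT = json.dumps({
    "issuer": "https://idp.example.com/",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
})


def discovery_url(issuer: str) -> str:
    """URL a client derives from the configured issuer (OIDC Discovery 1.0, section 4)."""
    return issuer.rstrip("/") + WELL_KNOWN


def diagnose(configured: str, document: str) -> list[str]:
    """Return findings for the value entered in the provider's issuer field."""
    findings = []
    parts = urlsplit(configured)
    if parts.scheme != "https" or not parts.netloc:
        findings.append("issuer is not an absolute https URL")
    # The mistake from the answer: the metadata URL was entered as the issuer,
    # so the well-known suffix ends up appended twice.
    if parts.path.rstrip("/").endswith(WELL_KNOWN):
        findings.append("issuer is the metadata document URL; the client would request "
                        + discovery_url(configured))
    # The document's own "issuer" field shows which value the IdP declares.
    declared = json.loads(document).get("issuer")
    if declared != configured:
        findings.append(f"document declares issuer {declared!r}, "
                        "which differs from the configured value")
    return findings


if __name__ == "__main__":
    for value in ("https://idp.example.com/.well-known/openid-configuration",
                  "https://idp.example.com/"):
        print(value, "->", diagnose(value, SAMPLE_DOCUMENT) or "ok")
```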
