[Bug] email_verified Field Returned as String Causes Unmarshal Error in v0.24.0-beta.1 #880

Closed
opened 2025-12-29 02:25:10 +01:00 by adam · 0 comments
Owner

Originally created by @mitchellkellett on GitHub (Dec 14, 2024).

Is this a support request?

  • This is not a support request

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

When running v0.24.0-beta.1, my IdP (JumpCloud) returns the email_verified field as a string instead of a boolean. This results in a decoding error when attempting to log in.

Error Message
failed to decode ID token claims: json: cannot unmarshal string into Go struct field OIDCClaims.email_verified of type bool

Expected Behavior

The application should handle email_verified as either a string ("true"/"false") or a boolean (true/false) to accommodate differences in IdP implementations.

Steps To Reproduce

  1. Configure JumpCloud as the IdP.
  2. Attempt to log in using v0.24.0-beta.1.
  3. Observe the error during the ID token decoding step.

Environment

- OS: Docker
- Headscale version: v0.24.0-beta.1
- Tailscale version: 1.78.1

Runtime environment

  • Headscale is behind a (reverse) proxy
  • Headscale runs in a container

Anything else?

JumpCloud JWT Decoded

{
  "at_hash": "dHPX6DeNSz-JmC6BCKrN-w",
  "aud": [
    "887f0974-fa68-426a-a634-995f2e6f0e6a"
  ],
  "auth_time": 1734209441,
  "email": "mitchell@example.com",
  "email_verified": "true",
  "exp": 1734213044,
  "family_name": "K",
  "given_name": "Mitchell",
  "groups": [
    "Headscale-Users"
  ],
  "iat": 1734209444,
  "iss": "https://oauth.id.jumpcloud.com/",
  "jc_org": "z6l26ev8ckkf1bhj",
  "jti": "9c5ef43c-efde-4836-a6d1-17ca6aff98db",
  "middle_name": "",
  "name": "Mitchell",
  "preferred_username": "mitchell",
  "rat": 1734209416,
  "sid": "84db2a08-254b-42f7-a701-4ff73e6a1e6d",
  "sub": "at8zv29er4btuzih"
}
adam added the bug, OIDC labels 2025-12-29 02:25:10 +01:00
adam closed this issue 2025-12-29 02:25:10 +01:00
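
One way to decode the claim as the Expected Behavior section asks, shown as an added example that is not part of the original issue and not Headscale's own code; `FlexibleBoolean`, the cut-down `OIDCClaims` struct and `decodeClaims` are hypothetical names. It accepts a JSON boolean or the exact strings "true"/"false" and returns an error for anything else, so a malformed `email_verified` value is never read as verified.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// FlexibleBoolean (hypothetical name) decodes a JSON boolean or the exact
// strings "true"/"false"; any other value is an error (fail closed).
type FlexibleBoolean bool

func (b *FlexibleBoolean) UnmarshalJSON(data []byte) error {
	var v interface{}
	if err := json.Unmarshal(data, &v); err != nil {
		return fmt.Errorf("email_verified: %w", err)
	}
	switch t := v.(type) {
	case bool:
		*b = FlexibleBoolean(t)
	case string:
		if t != "true" && t != "false" {
			return fmt.Errorf("email_verified: unexpected string %q", t)
		}
		*b = t == "true"
	default:
		return fmt.Errorf("email_verified: unexpected JSON type %T", v)
	}
	return nil
}

// OIDCClaims is a cut-down stand-in for this example, not Headscale's struct.
type OIDCClaims struct {
	Sub           string          `json:"sub"`
	Email         string          `json:"email,omitempty"`
	EmailVerified FlexibleBoolean `json:"email_verified,omitempty"`
}

// decodeClaims parses an already-decoded ID token payload.
func decodeClaims(raw string) (c OIDCClaims, err error) {
	err = json.Unmarshal([]byte(raw), &c)
	return c, err
}

func main() {
	// Constructed payload using the string form shown in the issue.
	c, err := decodeClaims(`{"sub":"at8zv29er4btuzih","email_verified":"true"}`)
	fmt.Println(c.EmailVerified, err)
}
```

An absent `email_verified` claim leaves the field at its zero value, `false`.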

Reference: starred/headscale#880