Fix compatibility with Auth0 for OpenID-Connect authentification.

See ramosbugs/openidconnect-rs#23

Author: lovasoa

CHANGELOG.md

@@ -1,5 +1,8 @@
 # CHANGELOG.md
 
+## 0.40.1
+ - Fix compatibility with Auth0 for OpenID-Connect authentification. See https://github.com/ramosbugs/openidconnect-rs/issues/23
+
 ## 0.40.0 (2025-11-28)
  - OIDC login redirects now use HTTP 303 responses so POST submissions are converted to safe GET requests before reaching the identity provider, fixing incorrect reuse of the original POST (HTTP 307) that could break standard auth flows.
  - SQLPage now respects [HTTP accept headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept) for JSON. You can now easily process the contents of any existing sql page programmatically with:

Cargo.toml

@@ -77,7 +77,7 @@ rustls-native-certs = "0.8.1"
 awc = { version = "3", features = ["rustls-0_23-webpki-roots"] }
 clap = { version = "4.5.17", features = ["derive"] }
 tokio-util = "0.7.12"
-openidconnect = { version = "4.0.0", default-features = false }
+openidconnect = { version = "4.0.0", default-features = false, features = ["accept-rfc3339-timestamps"] }
 encoding_rs = "0.8.35"
 odbc-sys = { version = "0.27.4", optional = true }
 

src/webserver/oidc.rs

@@ -853,4 +853,19 @@ mod tests {
             .expect("invalid location header");
         assert_eq!(location, "/foo");
     }
+
+    #[test]
+    fn parse_auth0_rfc3339_updated_at() {
+        let claims_json = r#"{
+            "sub": "auth0|123456",
+            "iss": "https://example.auth0.com/",
+            "aud": "test-client-id",
+            "iat": 1700000000,
+            "exp": 1700086400,
+            "updated_at": "2023-11-14T12:00:00.000Z"
+        }"#;
+        let claims: OidcClaims = serde_json::from_str(claims_json)
+            .expect("Auth0 returns updated_at as RFC3339 string, not unix timestamp");
+        assert!(claims.updated_at().is_some());
+    }
 }