Preflight Checklist

• I could not find a solution in the existing issues, docs, nor discussions
• I have joined the ZITADEL chat

Describe your problem

Logging in to IncusOS configured for SSO using Microsoft Entra as IdP results in this error:

{“type”: “error”,“status”: “”,“status_code”: 0,“operation”: “”,“error_code”: 401,“error”: “Failed to authenticate: failed to unmarshal response: json: cannot unmarshal string into Go struct field AccessTokenResponse.expires_in of type uint64 {“token_type”:“Bearer”,“expires_in”:“3599”,“ext_expires_in”:“3599”,“expires_on”:“1763425407”,“access_token”:"”,“metadata”: null}

This is a long-standing issue with the data types in the access token response that Entra returns.

Describe your ideal solution

Like for AWS incognito in #137 and Auth0 in #292, zitadel/oidc could be able to parse also non-compliant fields used in the wild.

Version

3.45.0

Environment

Self-hosted

Additional Context

I am using the Zitadel OIDC library embedded in IncusOS.

I marked this as a feature since it is a non-compliant implementation of OIDC in Entra and not a bug with zitadel/oidc