Comments (11)
Hi!
This is pretty much how I do it for our custom build for us internally.
Did I get you right that you use the same credentials on the commandline and it works?
Cheers!
Daniel
from dexter.
from dexter.
I have a hard time replicating this issue. Here's what I do:
❯ CLIENT_ID=REDACTED.apps.googleusercontent.com CLIENT_SECRET=REDACTED OS=darwin make build
building: bin/amd64/dexter
CGO_ENABLED=0 \
GOOS=darwin \
GOARCH=amd64 \
go build \
-o build/dexter_darwin_amd64 \
-ldflags "-X github.com/gini/dexter/version.VERSION=0.2.v0.2.1-dirty \
-X github.com/gini/dexter/version.GITHASH=v0.2.1-dirty \
-X github.com/gini/dexter/version.DOB=1550491673 \
-X github.com/gini/dexter/cmd.defaultClientID=REDACTED.apps.googleusercontent.com \
-X github.com/gini/dexter/cmd.defaultClientSecret=REDACTED"
Resulting binary works as expected. If I skip the vars at build I can use the same credentials on the commandline and it works fine as well.
Can you share the build output?
from dexter.
from dexter.
Hey Daniel heres the build output.
CLIENT_ID=redacted.apps.googleusercontent.com CLIENT_SECRET=redacted OS=linux make build
building: bin/amd64/dexter
CGO_ENABLED=0
GOOS=linux
GOARCH=amd64
go build
-o build/dexter_linux_amd64
-ldflags "-X github.com/gini/dexter/version.VERSION=0.2.v0.2.1
-X github.com/gini/dexter/version.GITHASH=v0.2.1
-X github.com/gini/dexter/version.DOB=1550548278
-X github.com/gini/dexter/cmd.defaultClientID=redacted.apps.googleusercontent.com
-X github.com/gini/dexter/cmd.defaultClientSecret=redacted"
from dexter.
That looks totally fine to me. Can you please share the response from google?
from dexter.
Here it is Daniel,
Error: invalid_request
Missing required parameter: client_id
Request Details
access_type=offline
client_id=
prompt=consent
redirect_uri=http://127.0.0.1:64464/callback
response_type=code
scope=openid profile email
state=xT1VnWhj8980lIYZfPMPaGkj3XCyj3sfx.ST9TW
On a different context, may I ask how exactly did you manage to modify api server for multiple entries of the following to accommodate the rest of the users? Looks to be only one entry is accepted.
kubeAPIServer:
oidcClientID: redacted.apps.googleusercontent.com
oidcIssuerURL: https://accounts.google.com
oidcUsernameClaim: email
from dexter.
Just to be absolutely sure: Are you really running the binary from the build folder ($DEXTER_FOLDER/build/dexter_linux_amd64
). Because this is where the artifact is stored when you build with the Makefile.
Regarding the second question: You only need that definition once. The way it works is that the verification of the token is delegated to the OIDC provider by the api service.
from dexter.
Oh jeez turns out I have been running a different binary all this time. :(
i.e
$DEXTER_PATH/bin/dexter
as opposed to
$DEXTER_PATH/src/github.com/gini/dexter/build/dexter_linux_amd64
A million apologies Daniel. Once run from the latter works flawlessly. Thanks so much.
I would have given more context on my other question earlier. I have been trying to authenticate 2 different gmail addresses of my own with their respective client-ids and secrets. As per your latest comment I believe this isn't possible unless its being done on g-suite?
from dexter.
No need to apologize. I'm glad it's working as expected ;-)
To my knowledge it's only possible to use 1 OIDC config in the api server and I'm not aware that it's possible to authenticate with 2 different gmail domains. There may be a way to merge/manage them in google cloud but I have no experience with that. Feel free to close the ticket when you have all the answers you need
from dexter.
The issue reported is not valid. Incorrect binary was run by the reporter.
from dexter.
Related Issues (18)
- Fix Travis CI release process HOT 1
- Support an option to kubeconfig output path HOT 1
- Add Microsoft Windows support
- Create a dedicated sub-command per provider
- Wrong kube config path.
- Two different kube config users generated from one google user HOT 3
- Embed default provider at compile time HOT 14
- Add tests
- Authenticate as Google Service Account HOT 5
- Using dexter with dex? HOT 2
- Race condition on http server teardown
- dexter OIDC vs SSL Cert Login HOT 2
- Missing tmpl/kube-config.yaml HOT 2
- OOB deprecation
- Create docker image and publish it on the hub HOT 1
- Unable to start dexter HOT 2
- How to use generated credentials HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dexter.