Comments (2)
Keycloak does not allow cache:
% curl -v -L https://keycloak.example.com/auth/realms/hello/.well-known/openid-configuration
> GET /auth/realms/hello/.well-known/openid-configuration HTTP/2
> Host: keycloak.example.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/2 200
< date: Mon, 24 Jun 2019 13:45:18 GMT
< content-type: application/json
< content-length: 2421
< vary: Accept-Encoding
< cache-control: no-cache, must-revalidate, no-transform, no-store
Google IdP allows cache:
% curl -v -L https://accounts.google.com/.well-known/openid-configuration
> GET /.well-known/openid-configuration HTTP/2
> Host: accounts.google.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/2 200
< accept-ranges: none
< vary: Accept-Encoding
< content-type: application/json
< access-control-allow-origin: *
< date: Mon, 24 Jun 2019 13:04:19 GMT
< expires: Mon, 24 Jun 2019 14:04:19 GMT
< last-modified: Mon, 05 Nov 2018 17:08:01 GMT
< x-content-type-options: nosniff
< server: sffe
< x-xss-protection: 0
< age: 1893
< cache-control: public, max-age=3600
< alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
from kubelogin.
kubelogin validates the token without the discovery and cache is not needed now. Close.
from kubelogin.
Related Issues (20)
- next release ETA HOT 1
- Change of setup guide for Google OIDC HOT 2
- unknown command "oidc-login" for "kubectl" HOT 4
- Azure AD Single Page Application should include `Origin` header for CORS support HOT 3
- Add support for client.authentication.k8s.io/v1 api
- adding certificate-data/key not working
- Groups claim not working with kubelogin and azure AD HOT 3
- Add `SkipIssuerCheck` option to kubelogin
- CVE-2023-39325 in 1.28.0 release HOT 1
- Make access_type param configurable
- Print auth URL HOT 2
- kubelogin failed with error code 1
- Is it possible to specify browser command? HOT 1
- dynamic usernameClaim?
- MFA Login with plugin without Browser HOT 2
- Encrypt the token cache HOT 1
- Implement an exponential backoff retry for unsollicitated token renewal
- Requesting groups from google HOT 2
- Issue after upgrade to 1.28.0 HOT 2
- Use an existing Kerberos ticket for authn request agains OpenID Connect Provider
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubelogin.