Comments (3)
Could you add the --set-authorization-header=true
flag to your deployment and then visit https://$HOST/oauth2/auth
and read the Authorization
header from the response? In the response should be the ID token that the OAuth2 Proxy is receiving from Google.
You can use jwt.io to decode this and take a look at the payload, double check your OIDC flags match the values in the payload.
from oauth2-proxy.
Looks like kube-apiserver can't verify "web application" type token from Google, which is only can be used with oauth_proxy.
kubectl auth works fine with "Other" type, but with this type proxy can`t specify callback URL.
We will try your Dex branch as a Google IDP proxy.
from oauth2-proxy.
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
from oauth2-proxy.
Related Issues (20)
- [Support]: configuration of redirect_uri and authorization header HOT 1
- [Feature]: Support setting unix socket listener file mode HOT 8
- [Bug]: duplicate redis sessions with multiple oauth2-proxy HOT 2
- [Feature]: Allow whitelist of subjects for machine-to-machine authentication HOT 2
- [Feature]: Ability to pass Redis password as an environment variable HOT 1
- [Support]: read environment variable from html templates HOT 1
- [Support]: get id_token_hint with keycloak, oauth2 and nginx HOT 1
- [Bug]: BOM (Byte Order Mark) makes UTF-8 config files not loading HOT 1
- [Bug]: Not routing back to original Host (if not previously logged-in) HOT 2
- [Feature]: [OIDC] Add a configuration to skip id_token expiration verification HOT 2
- [Feature]: Allow entire YAML config via environment variable HOT 1
- [Feature]: Docker: Add HEALTHCHECK command HOT 4
- [Bug]: Distroless docker container is unable to use unix domain socket. HOT 4
- [Bug]: Broken content-type in v7.6.0 (probably a breaking change from v7.4.0) HOT 2
- [Support]: oauth2-proxy running on a system behind a port-forwarding firewall
- [Feature]: Support for Redis alternatives HOT 6
- [Feature]: Implement CSRF token validation on oauth2-proxy HOT 3
- [Bug]:/internal-auth/oauth2/auth not working HOT 1
- [Support]: show login screen instead of automatically redirecting to oAuth provider HOT 2
- [Bug]: Possible README Inaccuracy HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-proxy.