You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Expected behavior
authorization_endpoint should be included in the response with a meaningful value for other parties which want to use Vault as OIDC provider and are reading this configuration
Environment:
Vault Server Version (retrieve with vault status): 1.3.0
Vault CLI Version (retrieve with vault version): 1.3.0
Server Operating System/Architecture: Linux ubuntu1604-0741 4.4.0-169-generic
Hi @gugalnikov , can you provide further steps to reproduce? Which OIDC provider are you using (listed here)? Also, would the well-known response vary by provider?
Hi. The Identity Token support only produces ID Tokens for the requesting entity. It is not an IdP and doesn’t handle authorization nor issue access tokens.
There is some room for improvement here, however. The example and actual output don’t match, and we’ll need to check but it may be more correct to include those fields as empty strings in the output. A comment in the docs about why they’re not populated would be helpful too.
Describe the bug
The documentation (https://www.vaultproject.io/api/secret/identity/tokens.html) states that .well-known configuration should look like:
but I'm actually getting:
To Reproduce
Steps to reproduce the behavior:
--request GET
http://127.0.0.1:8200/v1/identity/oidc/.well-known/openid-configuration
Expected behavior
authorization_endpoint should be included in the response with a meaningful value for other parties which want to use Vault as OIDC provider and are reading this configuration
Environment:
vault status
): 1.3.0vault version
): 1.3.0Vault server configuration file(s):
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: