OIDC error: invalid_grant error #102
Labels
question
Further information is requested
Comments
|
Dex does not support the password grant (as dexidp/dex#926). You need to use the browser for authentication. |
int128
added a commit
that referenced
this issue
Jun 21, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
After kubelogin upgrade to v1.12.0 I've tried to authorize to my K8S cluster running with Dex without opening a browser but failed with the following error:
{"error":"invalid_grant"}
error: error while the resource owner password credentials grant flow: could not get a token: oauth2: cannot fetch token: 400 Bad Request
Working with Browser works fine!
Full log:⇒ kubelogin --context staging --insecure-skip-tls-verify --skip-open-browser --username test -v4
14:52:01.575730 WARNING: log may contain your secrets such as token or password
14:52:01.578762 Using the authentication provider of the user test@staging
14:52:01.578783 A token will be written to /Users/test/.kube/config
14:52:01.578791 Loading the certificate /Users/test/.ssh/staging-dex-ca.crt
Password:
14:52:05.922742 GET /dex/.well-known/openid-configuration HTTP/1.1
Host: staging-kubernetes-masters.service:32000
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
14:52:06.761844 HTTP/1.1 200 OK
Content-Length: 861
Content-Type: application/json
Date: Thu, 20 Jun 2019 11:52:06 GMT
{
"issuer": "https://staging-kubernetes-masters.service:32000/dex",
"authorization_endpoint": "https://staging-kubernetes-masters.service:32000/dex/auth",
"token_endpoint": "https://staging-kubernetes-masters.service:32000/dex/token",
"jwks_uri": "https://staging-kubernetes-masters.service:32000/dex/keys",
"response_types_supported": [
"code"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"scopes_supported": [
"openid",
"email",
"groups",
"profile",
"offline_access"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"claims_supported": [
"aud",
"email",
"email_verified",
"exp",
"iat",
"iss",
"locale",
"name",
"sub"
]
}
14:52:06.763737 POST /dex/token HTTP/1.1
Host: staging-kubernetes-masters.service:32000
User-Agent: Go-http-client/1.1
Content-Length: 114
Authorization: Basic xxxxxxxxxxxxxxxxxxxx
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
grant_type=password&password=xxxxxxx&scope=offline_access+openid+profile+email+groups+openid&username=test
14:52:06.971080 HTTP/1.1 400 Bad Request
Content-Length: 25
Content-Type: application/json
Date: Thu, 20 Jun 2019 11:52:07 GMT
{"error":"invalid_grant"}
14:52:06.971377 POST /dex/token HTTP/1.1
Host: staging-kubernetes-masters.service:32000
User-Agent: Go-http-client/1.1
Content-Length: 160
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
client_id=xxxxxxxxx&client_secret=xxxxxxxxxx&grant_type=password&password=xxxxxxxxx&scope=offline_access+openid+profile+email+groups+openid&username=test
14:52:07.178048 HTTP/1.1 400 Bad Request
Content-Length: 25
Content-Type: application/json
Date: Thu, 20 Jun 2019 11:52:07 GMT
{"error":"invalid_grant"}
error: error while the resource owner password credentials grant flow: could not get a token: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant"}
The text was updated successfully, but these errors were encountered: