Credential plugin mode & Resource owner password credentials grant flow #167
Comments
|
Thank you for your contribution. It is possible to add a feature to show the user prompt for the resource owner password credentials flow, like: users:
- name: keycloak
user:
exec:
apiVersion: client.authentication.k8s.io/v1beta1
command: kubectl
args:
- oidc-login
- get-token
- --oidc-issuer-url=https://keycloak.example.com/auth/realms/YOUR_REALM
- --oidc-client-id=YOUR_CLIENT_ID
- --oidc-client-secret=YOUR_CLIENT_SECRET
- --oidc-type=passwordDoes this meet your issue? |
|
I tried the new flag, but it seems it's not supported on my side. I get an error "error: unknown flag: --oidc-type". Are there any specific kubectl or kubelogin version requirements? |
|
This feature is not implemented yet. I would like to hear your intention. I guess that "without defining --username" means showing a user prompt. Is it okay? |
|
Got it. Yes, this would work! |
|
I just released v1.15.0 with this feature. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Credential plugin mode & Resource owner password credentials grant flow
Hello everyone,
the credential plugin mode for kubelogin is very nice. We plan to provide a skeleton of kubeconfig to all K8S OIDC users, but without defining --username in the kubeconfig.
We like OIDC K8S users to run "kubectl get pods" and then the resource owner password credentials grant flow should be triggered (instead the browser based flow)
Is there a possibility to trigger the resource owner password credentials grant flow with an option explicitly? Without defining --username, the normal browser based flow will be triggered. Setting --username (without) a user causes an error.
Thanks
The text was updated successfully, but these errors were encountered: