Option for password grant flow instead of authorization code flow #24
Comments
|
Sounds good. |
|
Yes, exactly. The respective go function to perform this flow is https://godoc.org/golang.org/x/oauth2#Config.PasswordCredentialsToken (but keep in mind the issue in the library mentioned earlier). |
|
Would you propose a pull request for this feature? |
|
Hello @heikoettelbruecksap, any news on this? |
|
Sorry, I didn't follow up on that, since my company's approach has changed in the meanwhile, and we no longer need this feature. Feel free to leave this issue open or close it. |
|
Thanks for the feedback. |
|
This feature is supported in v1.12.0. |
KIND: Feature request
Currently kubelogin only supports the authorization code flow to retrieve ID tokens. This is helpful for interactive usage of human users where we can expect a web browser and typically an existing session with the OAuth server already (=> SSO). However, for automated scenarios where no browser is available, it would be helpful to be able to use the password grant flow instead.
I see the oauth2 library for go already supports the password grant flow (unfortunately with an compatibility to certain OAuth servers, but I hope this will be fixed - see golang/oauth2#320). That means, I assume it should be rather easy to add a command-line option to request the password grant flow as well as command-line parameters for user name and password.
Would this feature be generally appreciated? (before looking for the actual implementation)
The text was updated successfully, but these errors were encountered: