-
Notifications
You must be signed in to change notification settings - Fork 189
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option for password grant flow instead of authorization code flow #24
Comments
Sounds good. |
Yes, exactly. The respective go function to perform this flow is https://godoc.org/golang.org/x/oauth2#Config.PasswordCredentialsToken (but keep in mind the issue in the library mentioned earlier). |
Would you propose a pull request for this feature? |
Hello @heikoettelbruecksap, any news on this? |
Sorry, I didn't follow up on that, since my company's approach has changed in the meanwhile, and we no longer need this feature. Feel free to leave this issue open or close it. |
Thanks for the feedback. |
This feature is supported in v1.12.0. |
KIND: Feature request
Currently kubelogin only supports the authorization code flow to retrieve ID tokens. This is helpful for interactive usage of human users where we can expect a web browser and typically an existing session with the OAuth server already (=> SSO). However, for automated scenarios where no browser is available, it would be helpful to be able to use the password grant flow instead.
I see the oauth2 library for go already supports the password grant flow (unfortunately with an compatibility to certain OAuth servers, but I hope this will be fixed - see golang/oauth2#320). That means, I assume it should be rather easy to add a command-line option to request the password grant flow as well as command-line parameters for user name and password.
Would this feature be generally appreciated? (before looking for the actual implementation)
The text was updated successfully, but these errors were encountered: