This repository has been archived by the owner on Jul 15, 2021. It is now read-only.

Invalid client credentials #175

Open
david-curran-90 opened this issue Oct 5, 2020 · 0 comments

Comments

@david-curran-90

I've been moving endpoints from "app.domain.lan" to "k8s.domain.lan/app" type URLs and I'm now getting an error when logging in through dex:

oauth2: cannot fetch token: 401 Unauthorized
Response: {"error":"invalid_client","error_description":"Invalid client credentials."}

I can see in the dex logs that the login is successful.

The only changes in config from what was working to what isn't are the URLs. Client secret and session key have stayed the same.

It seems to me the error is coming in this step

image

gangway.yaml:
----
apiServerURL: https://k8sapi-test.domain.lan:6444
audience: https://k8s.domain.lan/auth/oidc/userinfo
authorizeURL: https://k8s.domain.lan/auth/oidc/auth
clientID: ldapauth
clientSecret: abCd3fGH1Jk
clusterName: k8s-test
emailClaim: email
httpPath: /
port: 8080
redirectURL: https://k8s-test.domain.lan/auth/login/callback
scopes:
- openid
- profile
- email
- groups
- offline_access
sessionKey: lMn0PQR5TuvWxy2
tokenURL: https://k8s.domain.lan/auth/oidc/token
usernameClaim: email

config.yaml:
issuer: https://k8s.domain.lan/auth/oidc
storage:
  config:
    inCluster: true
  type: kubernetes
logger:
  level: debug
web:
  http: 0.0.0.0:5556
connectors:
- config:
    bindDN: CN=k8s-ro,OU=Service Accounts,OU=Kubernetes,OU=Services,DC=domain,DC=lan
    bindPW: SecurePass
    clientID: ldapauth
    clientSecret: abCd3fGH1Jk
    groupSearch:
      baseDN: DC=domain,DC=lan
      filter: (objectClass=group)
      groupAttr: member
      nameAttr: cn
      userAttr: DN
    host: domain.lan:636
    insecureNoSSL: false
    insecureSkipVerify: true
    userSearch:
      baseDN: DC=domain,DC=lan
      emailAttr: mail
      filter: (objectClass=person)
      idAttr: DN
      nameAttr: cn
      username: SamAccountName
    usernamePrompt: Username
  id: ldap
  name: LDAP
  type: ldap
oauth2:
  alwaysShowLoginScreen: false
  skipApprovalScreen: true
staticClients:
- id: ldapauth
  name: oidc-auth-client
  redirectURIs:
  - https://k8s-test.domain.lan/auth/login/callback
  secret: abCd3fGH1Jk
enablePasswordDB: false