Closed giovannicandido closed 7 months ago
kube-oidc-proxy isn't an OIDC client, it only knows how to parse and validate a JWT. It doesn't know how to redirect you to login or work through getting a token or refreshing a token. All it knows how to do is validate the inbound JWT based on your issuer. If you want something that will generate a token and manage the token lifecycle, you'll need something like OpenUnison (https://openunison.github.io) to do that.
Got it, thanks.
Hi,
My IAM requires a client secret with the client id. I can setup a auth using a public pkce which when used by the browser do not require a client id, but it requires a valid redirect. That kind of redirection is only valid for the client connection to the kub-oidc-proxy so it can receive the token.
How to I pass the client secret as an argument? I didn't find anything in source code, is that supported?