Open sciphilo opened 5 years ago
Hello,
From my point of view this is currently an issue in oauth2_proxy. Okta (as well as other OpenID providers) is expecting space-separated scope values. This is a standard feature (https://tools.ietf.org/html/rfc6749#section-3.3).
Currently, oauth2_proxy is encoding the parameters, so if you give as parameter:
--scope="openid profile email" the result will be "openid+profile+email", where spaces are replaced by +
--scope="openid%20profile%20email" the result will be "openid%2520profile%2520email", where % is replaced by %25...
In both cases, Okta will not understand the scope parameter generated in the /authorize endpoint.
You can try to add your own provider (Okta) or, better, add a parameter to handle this use case, as other providers will face the same issues (e.g. Ping Identity).
Regards, Lusoalex.
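The encoding behaviour described in the comment above can be reproduced with Go's net/url, together with how a form-decoding receiver would split each result into scope tokens. This is an added example, not part of the thread and not oauth2_proxy's own code; the function names are hypothetical, and it assumes the query is built with url.Values.Encode.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// encodeScope form-encodes the scope with url.Values.Encode
// (assumption: the /authorize query is built this way).
// Spaces become "+", and a literal "%" becomes "%25".
func encodeScope(scope string) string {
	v := url.Values{}
	v.Set("scope", scope)
	return v.Encode()
}

// encodeScopePercent20 emits %20 for spaces instead of "+".
// QueryEscape writes a literal "+" as %2B, so every "+" left in its
// output stands for a space and can be rewritten safely.
func encodeScopePercent20(scope string) string {
	return "scope=" + strings.ReplaceAll(url.QueryEscape(scope), "+", "%20")
}

// scopesSeenByServer decodes a raw query as a form-decoding receiver
// would, then splits the scope value into its space-delimited tokens
// (RFC 6749 section 3.3).
func scopesSeenByServer(rawQuery string) ([]string, error) {
	v, err := url.ParseQuery(rawQuery)
	if err != nil {
		return nil, err
	}
	return strings.Fields(v.Get("scope")), nil
}

func main() {
	queries := []string{
		encodeScope("openid profile email"),          // plain spaces
		encodeScope("openid%20profile%20email"),      // pre-encoded, so double-encoded
		encodeScopePercent20("openid profile email"), // %20 form
	}
	for _, q := range queries {
		scopes, err := scopesSeenByServer(q)
		if err != nil {
			fmt.Println("decode error:", err)
			continue
		}
		fmt.Printf("%-40s -> %d scope(s): %q\n", q, len(scopes), scopes)
	}
}
```

The pre-encoded input is the one that cannot be recovered by decoding once: it arrives as a single token containing a literal %20.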
Are there any examples of this working with Okta? I have managed to get part way there, but it moans about scopes:
'error redeeming code missing email'
I have this running behind nginx.
I think the issue is passing it: openid email profile
in the -scope, but I am not sure how to do this. I've tried commas, quotes, etc.
Any ideas welcome!
(I'm using the pre-built version)