coreos / go-oidc

A Go OpenID Connect client.

using http instead of https? #386

Closed tamis-laan closed 1 year ago

tamis-laan commented 1 year ago

I'm using Keycloak for authentication and I'm trying to connect internally within my cluster over http:

provider, err := oidc.NewProvider(context.Background(), "http://keycloak-service:8080/realms/test/") 

However this results in:

oidc: issuer did not match the issuer returned by provider, expected "http://keycloak-service:8080/realms/test/" got "https://keycloak-service:8080/realms/test"

Looks like go-oidc is enforcing https.

ericchiang commented 1 year ago

Issuer values are expected to match identically. "http://example.com" is a different issuer than "https://example.com", which is what the error message is saying. go-oidc doesn't have any logic to inspect the protocol.

This matters because the ID token issuer also needs to match identically. I'd recommend:

Hope this helps. Closing out since we're correctly reporting a misconfiguration.

tamis-laan commented 11 months ago

@ericchiang "use one of the options in this package to specify the issuer manually" how would I be able to do this? Do you have a small example?
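
The exact-match issuer check discussed in this thread, as an added example that is not part of the original issue and is not go-oidc's own code. It uses only the standard library; `fakeKeycloak` and `checkIssuer` are hypothetical names, the discovery response is constructed, and the second call shows the expected issuer being supplied separately from the URL used for discovery.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// fakeKeycloak is a constructed stand-in for the provider: it answers every
// request with a discovery document that advertises the issuer it holds.
type fakeKeycloak string

func (issuer fakeKeycloak) RoundTrip(r *http.Request) (*http.Response, error) {
	body := fmt.Sprintf(`{"issuer":%q}`, string(issuer))
	return &http.Response{StatusCode: 200, Header: http.Header{},
		Body: io.NopCloser(strings.NewReader(body)), Request: r}, nil
}

// checkIssuer fetches discovery from discoveryBase and requires the advertised
// issuer to equal wantIssuer byte for byte (scheme and trailing slash included).
func checkIssuer(c *http.Client, discoveryBase, wantIssuer string) error {
	wellKnown := strings.TrimSuffix(discoveryBase, "/") + "/.well-known/openid-configuration"
	resp, err := c.Get(wellKnown)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	var doc struct {
		Issuer string `json:"issuer"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&doc); err != nil {
		return err
	}
	if doc.Issuer != wantIssuer {
		return fmt.Errorf("issuer mismatch: expected %q got %q", wantIssuer, doc.Issuer)
	}
	return nil
}

func main() {
	const advertised = "https://keycloak-service:8080/realms/test" // value from the error above
	const internal = "http://keycloak-service:8080/realms/test/"   // URL the client dials
	c := &http.Client{Transport: fakeKeycloak(advertised)}
	fmt.Println("same URL for both:", checkIssuer(c, internal, internal))
	fmt.Println("issuer given separately:", checkIssuer(c, internal, advertised))
}
```

In go-oidc v3, `oidc.InsecureIssuerURLContext(ctx, issuerURL)` fills the role of the separate `wantIssuer` argument when passed to `oidc.NewProvider`. ID tokens are then verified against that issuer value, so it has to be the one Keycloak actually puts in the `iss` claim.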