Closed Vaishnavi-BH closed 5 months ago
Hello Maintainers, Could please help with the issue?
Hello, @Vaishnavi-BH. It should be fixed by #3335
Hello @nabokihms, there are two questions,
We are using latest Dex version v2.38.0 and Helm-chart version 0.16.0 still getting 401 { "error": "access_denied"}
If the changes are not added in the latest version, when we can expect new version/release with above changes?
Hey @Vaishnavi-BH,
the PR was merged but not released yet. You'll sadly need to wait for the next release (probably v2.39.0). The helm chart will be updated in a seperate release (probably 0.17.0). In case the helm chart isn't updated in time you can manually adjust the values to use the latest dex version.. once released. Hope that helps
The release of Dex v2.39.0 is planned for the next week.
Hello @nabokihms, Can you please provide tentative date for Dex release v2.39.0?
Hi @MrDeerly / @nabokihms ,
Kindly let us know the approx date for the Dex v2.39.0 as we had some planned activities based on the same.
cc : @Vaishnavi-BH
It will be released somewhen this week, so if you want to arrange any plans, I'd suggest you aim at Monday 25th of March.
I guess this issue can be closed :+1:
Preflight Checklist
Version
2.38.0
Storage Type
Kubernetes
Installation Type
Official Helm chart
Expected Behavior
When making access token exchange call to Dex, it should return new access token is response.
Actual Behavior
When making access token exchange call to Dex getting error 401 { "error": "access_denied"}. In Dex logs its showing message "failed to verify subject token: oidc: error loading userinfo: 401 Unauthorized: "
Steps To Reproduce
Additional Information
Made getUserInfo to true in config file as its required to make access token exchange call.
Postman curl: curl --location 'http://localhost:5556/dex/token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic bmV4dGdlbi1sb2dpbjpuZXh0Z2VuLWxvZ2lw' \ --data-urlencode 'connector_id=okta' \ --data-urlencode 'scope=profile groups openid email' \ --data-urlencode 'requested_token_type=urn:ietf:params:oauth:token-type:access_token' \ --data-urlencode 'grant_type=urn:ietf:params:oauth:grant-type:token-exchange' \ --data-urlencode 'subject_token=eyJraWQiOiJ4QUtnNWl0RmpLOmp0aSI6IkFULnNFxxxxxxxxxxxxxxxxxxxxxxxx' \ --data-urlencode 'subject_token_type=urn:ietf:params:oauth:token-type:access_token'
Configuration
Logs