Open gugalnikov opened 4 years ago
Hi @gugalnikov, can you provide further steps to reproduce? Which OIDC provider are you using (listed here)? Also, would the well-known response vary by provider?
Hi, just to clarify, this issue is related to the Identity Secrets Engine: https://www.vaultproject.io/docs/secrets/identity/index.html rather than to the OIDC Auth Method. The only necessary steps to reproduce this behavior would be to enable & configure the Identity Tokens Backend according to the official docs: https://www.vaultproject.io/api/secret/identity/tokens.html I haven't tested this again with versions higher than 1.3.0, but I will soon.
Hi. The Identity Token support only produces ID Tokens for the requesting entity. It is not an IdP and doesn’t handle authorization nor issue access tokens.
There is some room for improvement here, however. The example and actual output don’t match, and we’ll need to check but it may be more correct to include those fields as empty strings in the output. A comment in the docs about why they’re not populated would be helpful too.
That's helpful, thanks!!
Describe the bug
The documentation (https://www.vaultproject.io/api/secret/identity/tokens.html) states that .well-known configuration should look like:
but I'm actually getting:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
authorization_endpoint should be included in the response with a meaningful value for other parties which want to use Vault as OIDC provider and are reading this configuration.
Environment:
vault status: 1.3.0
vault version: 1.3.0
Vault server configuration file(s):
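The distinction drawn in this thread (ID tokens only, no authorization endpoint) can be checked from the relying-party side. The following is an added example, not code from the issue or from Vault: it tests a discovery document against the metadata OpenID Connect Discovery 1.0 marks as required and reports whether it is usable for ID token verification only or also for interactive login. The host name, both sample documents and the function names are constructed for illustration; the page's own output is not reproduced here.

```python
import json

# Provider metadata that OpenID Connect Discovery 1.0 marks REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
# Enough to validate an ID token that was handed to a service.
VERIFY_ONLY = ("issuer", "jwks_uri", "id_token_signing_alg_values_supported")

ISSUER = "https://vault.example.test:8200/v1/identity/oidc"  # constructed

# Constructed sample: authorization_endpoint omitted entirely.
DOC_OMITTED = json.dumps({
    "issuer": ISSUER,
    "jwks_uri": ISSUER + "/.well-known/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
    "response_types_supported": ["id_token"],
    "subject_types_supported": ["public"],
})
# Constructed sample: the same document with the endpoints as empty strings.
DOC_EMPTY = json.dumps({**json.loads(DOC_OMITTED),
                        "authorization_endpoint": "", "token_endpoint": ""})


def unusable(doc, keys):
    """Keys that are missing or carry an empty string / empty list."""
    return [k for k in keys if doc.get(k) in (None, "", [])]


def classify(raw, expected_issuer):
    """Report what a relying party can safely do with this document."""
    doc = json.loads(raw)
    # Discovery requires the issuer to match the URL the client started from.
    issuer_ok = doc.get("issuer") == expected_issuer
    missing = unusable(doc, REQUIRED)
    verify = issuer_ok and not unusable(doc, VERIFY_ONLY)
    return {"missing": missing,
            "verify_id_tokens": verify,
            "interactive_login": verify and not missing}


if __name__ == "__main__":
    for name, raw in (("omitted", DOC_OMITTED), ("empty", DOC_EMPTY)):
        print(name, classify(raw, ISSUER))
```

An empty-string endpoint is treated the same as an omitted one, so a client using this check does not attempt a redirect to a blank URL.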