int128 / kubelogin

kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login)
Apache License 2.0

authcode-keyboard does not work with docker command #753

Open prashantchitta opened 2 years ago

prashantchitta commented 2 years ago

Describe the question

authcode-keyboard does not work with oidc docker command

To reproduce

I am using the following config

users:
- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: docker
      args:
      - run
      - --rm
      - -v
      - /tmp/.token-cache:/.token-cache
      - -p
      - 8000:8000
      - ghcr.io/int128/kubelogin
      - get-token
      - --token-cache-dir=/.token-cache
      - --listen-address=0.0.0.0:8000
      - --oidc-issuer-url=<oidc_url>
      - --oidc-client-id=kubelogin-app
      - --oidc-client-secret=<secret>
      - --oidc-extra-scope=email
      - --oidc-extra-scope=profile
      - --oidc-extra-scope=groups
      - --authentication-timeout-sec=1800
      - --grant-type=authcode-keyboard

I get the following error. It is not allowing me to enter the code. I get a continuous error message like the one below:

kubectl get nodes
Please visit the following URL in your browser: https://<oidc-url>/auth?access_type=offline&client_id=kubelogin-app&code_challenge=S05tMjs38Ad-udRXe49bEElM4GCMZaXpBVaUwQrxDZ0&code_challenge_method=S256&nonce=J5A4SWjmyCLbcI6QRtgDgNXJBLIJbv7bJSxJHDdcA64&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=email+profile+groups+openid&state=FRMNv9BZsz0ivo5YUOMPprOmE1-NJNv6TJz0YSyvp1s
Enter code: error: get-token: authentication error: authcode-keyboard error: could not read an authorization code: read error: EOF
Please visit the following URL in your browser: https://<oidc-url>/auth?access_type=offline&client_id=kubelogin-app&code_challenge=9TF1nUJr2oT0cse5XcSJRqoO33jwUAK7S7VuOobQl_s&code_challenge_method=S256&nonce=BI71KnPjYukYC8uMr_RgLPV1_7B8JjTI9LfynFDoyGo&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=email+profile+groups+openid&state=rjX_2BHjvSBjl29SzygD3oZvH7iZmf5WQ0moLDdkG-0
Enter code: error: get-token: authentication error: authcode-keyboard error: could not read an authorization code: read error: EOF
Please visit the following URL in your browser: https://<oidc-url>/auth?access_type=offline&client_id=kubelogin-app&code_challenge=G9PHgb47HfWz_pd7qkB__EY5RonldE5cuoGZCMYzfK4&code_challenge_method=S256&nonce=ceU9E10f23fcREbyhF7WQblNU4L1RJ0VCD2RFn7MMoA&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=email+profile+groups+openid&state=vm89U1V4pSLSYxR8zeXIYmyBNWh8Orap_onRliYkGc4
Enter code: error: get-token: authentication error: authcode-keyboard error: could not read an authorization code: read error: EOF

Your environment

int128 commented 2 years ago

Could you try the -it flag in the docker args?

prashantchitta commented 2 years ago

@int128 Does not work. When I add -it to the docker command, kubectl commands are just stuck.

prashant.chitta@MREME62D8A88 ~ % kubectl get nodes