I have deployed kube-oidc-proxy and authenticating using Keycloak into our K8s cluster. But I have observed that kube-oidc-proxy takes claims only from refresh_token and not from id_token.
e.g
refresh_token given below
when i pass "--oidc-username-claim=sub" to kube-oidc-proxy , it works and authenticates correctly.
but when i pass "--oidc-username-claim=email" to kube-oidc-proxy, logs throws error:
1 handlers.go:169] unauthenticated user request 10.12.12.192:51378
and kubectl throws error:
error: You must be logged in to the server (the server has asked for the client to provide credentials)
So basically I am not able to use claims from id_token.
Is there any way I can user claims from id_token?
I have deployed kube-oidc-proxy and authenticating using Keycloak into our K8s cluster. But I have observed that kube-oidc-proxy takes claims only from refresh_token and not from id_token. e.g refresh_token given below
id_token given below
when i pass
"--oidc-username-claim=sub"
to kube-oidc-proxy , it works and authenticates correctly. but when i pass"--oidc-username-claim=email"
to kube-oidc-proxy, logs throws error:and kubectl throws error:
So basically I am not able to use claims from id_token. Is there any way I can user claims from id_token?