Unable to retrieve new kc_access token

[yuripastushenko]

Title

Unable to retrieve new kc_access token

Summary

I am using louketo-proxy ad middleware between DEX and kubernetes dashboard. When I open the kubernetes dashboard trough louketo-proxy I am redirected to DEX. I fill in the login form with my credentials - and I am redirected to kubernetes-dashboard. In cookies I don't see kc-state (there is kc-access). When the token expires, it is not refreshed by refresh token. I am redirected to login page. In louketo-proxy logs i see following lines:

1.5937260426119459e+09  info    accces token for user has expired, attemping to refresh the token   {"client_ip": "172.20.78.255:40068", "email": "**********"}
1.5937260426120653e+09  error   unable to find a refresh token for user {"client_ip": "172.20.78.255:40068", "email": "**********", "error": "authentication session not found"}

Environment

• Server: DEX
• Louketo: {"prog": "keycloak-gatekeeper", "author": "Keycloak", "version": "10.0.0 (git+sha: f24a5fb, built: 29-04-2020)"} Louketo-proxy config:

  image: quay.io/keycloak/keycloak-gatekeeper:10.0.0
  args:
      - --listen=0.0.0.0:3000
      - --discovery-url=https://k8s-dex.my-k8s.com/
      - --client-id=$(CLIENT_ID)
      - --client-secret=$(CLIENT_SECRET)
      - --upstream-url=https://k8s-dashboard-direct-int.my-k8s.com/
      - --skip-upstream-tls-verify=false
      - --skip-openid-provider-tls-verify=false
      - --enable-default-deny=true
      - --enable-logging=true
      - --enable-refresh-tokens=true
      - --enable-session-cookies=true
      - --secure-cookie=false
      - --enable-encrypted-token
      - --encryption-key=$(ENCRYPTION_KEY)
      - --enable-metrics
      - --scopes=groups

Expected Result

The access token is rotated using the refresh token

Actual Results

The access token is not rotated and I am redirected to DEX login page.

[hendrikstill]

Sounds like #571 . I was facing the same issue. A update to louketo-proxy 1.0.0 seems to solve the problem