mintel / dex-k8s-authenticator

A Kubernetes Dex Client Authenticator
MIT License

invalid_scope: Unknown/invalid scope(s): [offline_access, groups] #145

Closed bjethwan closed 3 years ago

bjethwan commented 3 years ago

It works perfectly fine against Dex, but I am getting the error below when I deploy it against our OpenAM setup. Those scopes are not even listed in my config.

Error: invalid_scope: Unknown/invalid scope(s): [offline_access, groups]

```yaml
  config.yaml: |-
    listen: http://0.0.0.0:5555
    web_path_prefix: /
    debug: true
    clusters:
    - name: devint
      description: devint
      short_description: devint
      issuer: https://<<< STRIPPED OUT>>>/openam/oauth2/
      client_id: k8s
      client_secret: <<< STRIPPED OUT>>>
      redirect_uri: https://<<< STRIPPED OUT>>>/callback/devint
      k8s_master_uri: https://<<< STRIPPED OUT>>>
      scopes:
      - email
      - sub
      - openid
```

I can see from the logs that you are adding those extra scopes when making a request to OpenAM. Why's that required? FYI, I have the Dex example-app working perfectly fine against that OpenAM deployment.

Is there a config option which I can use to avoid this?

nabadger commented 3 years ago

@bjethwan I believe this was fixed in #129 - can you confirm what version of the image you're using?

I'll look to tag a new release shortly.

bjethwan commented 3 years ago

@nabadger I am using mintel/dex-k8s-authenticator:1.2.0

nabadger commented 3 years ago

@bjethwan I just released v1.4.0 which provides a scopes option as per #129

May resolve your issue.

nabadger commented 3 years ago

/duplicate #140

betermieux commented 3 years ago

Thanks a lot, works great!