search

vmware-archive / gangway

An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster.
Apache License 2.0
410 stars 111 forks source link

Gangway does not display username #172

Closed ghost closed 4 years ago

ghost commented 4 years ago

I am trying to install the Google OAuth Gangway integration on k8s. Everything seems to be working fine, but when I access the gangway service endpoint, I see a long token instead of the user's google email. Any idea how to fix this issue?

Image 2020-09-25 at 8 38 01 PM

I had to fork the helm chart because of https://github.com/helm/charts/issues/23785. Here are the values I am using - 

        gangway:
          scopes: ["openid", "profile", "email"]
          apiServerURL: "<redacted>"
          authorizeURL: "https://accounts.google.com/o/oauth2/auth"
          tokenURL: "https://www.googleapis.com/oauth2/v4/token"
          clusterName: <redacted>
          redirectURL: "http://<redacted>/callback"
          usernameClaim: "sub"
          emailClaim: "email"
        env: 
        - name: GANGWAY_SESSION_SECURITY_KEY
          valueFrom:
            secretKeyRef:
              name: gangway-key
              key: sessionkey 
        - name: GANGWAY_AUDIENCE
          valueFrom:
            secretKeyRef:
              name: gangway-secret 
              key: client_id 
        - name: GANGWAY_CLIENT_ID
          valueFrom:
            secretKeyRef:
              name: gangway-secret 
              key: client_id
        - name: GANGWAY_CLIENT_SECRET
          valueFrom:
            secretKeyRef:
              name: gangway-secret
              key: client_secret

What am I misisng?

ghost commented 4 years ago

I used https://github.com/heptiolabs/gangway/blob/master/docs/google.md to set up

ghost commented 4 years ago

Fixed this by adding usernameClaim: "email"