dex
dex copied to clipboard
dexidp
Helm connector idp bug
Preflight Checklist
- [X] I agree to follow the Code of Conduct that this project adheres to.
- [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
- [X] I am not looking for support or already pursued the available support channels without success.
Version
2.36.0
Storage Type
Kubernetes
Installation Type
Custom Helm chart
Expected Behavior
Visiting https://dex.example.pt/auth/google , should have redirect me to google Accounts so that i can login
Actual Behavior
Visiting https://dex.example.pt/auth/google returns a 404 error Invalid client_id (""), dex page.
Steps To Reproduce
- Install the chart with the updated config and envvars
helm install sso dex/dex -n sso --create-namespace -f dex.values.yaml
- Install the ingressroute
kubectl apply -f dex.ingress.yaml
- Visit https://dex.example.pt/auth/google
And the page returns 404 Not Found Invalid client_id ("").
Additional Information
In the helm charts envvars i also added the secrets, I tested putting them directly in the config and by envvars
envVars:
- name: GOOGLE_CLIENT_ID
value:xxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com
- name: GOOGLE_SECRET
value: xxxxxxxxxxxxxxxxxxxxxx
Additionally, i set up a traefik ingress route
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: dex-ingress
namespace: sso
spec:
entryPoints: ["websecure"]
routes:
- kind: Rule
match: Host(`dex.example.pt`)
services:
- kind: Service
name: sso-dex
port: 5556
tls:
secretName: example-tls-cert
---
apiVersion: v1
data:
tls.crt: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
tls.key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
kind: Secret
metadata:
name: example-tls-cert
namespace: sso
type: kubernetes.io/tls
Configuration
connectors:
- type: google
id: google
issuer: https://accounts.google.com
name: google
config:
clientID: $GOOGLE_CLIENT_ID
clientSecret: $GOOGLE_SECRET
hostedDomains:
- test.example.pt
- example.pt
org: "MyORG"
redirectURI: https://dex.example.pt/callback
oauth2:
skipApprovalScreen: true
issuer: http://127.0.0.1:5556
storage:
type: kubernetes
config:
inCluster: true
web:
http: 0.0.0.0:5556
Logs
time="2023-06-28T16:40:22Z" level=info msg="The custom resource devicetokens.dex.coreos.com already available, skipping create"
time="2023-06-28T16:40:22Z" level=info msg="config storage: kubernetes"
time="2023-06-28T16:40:22Z" level=info msg="config connector: google"
time="2023-06-28T16:40:22Z" level=info msg="config skipping approval screen"
time="2023-06-28T16:40:22Z" level=info msg="config refresh tokens rotation enabled: true"
time="2023-06-28T16:40:22Z" level=info msg="listening (telemetry) on 0.0.0.0:5558"
time="2023-06-28T16:40:22Z" level=info msg="listening (http) on 0.0.0.0:5556"
time="2023-06-28T16:46:20Z" level=error msg="Failed to parse authorization request: Invalid client_id (\"\")."
time="2023-06-28T16:46:21Z" level=error msg="Failed to parse authorization request: Invalid client_id (\"\")."
time="2023-06-28T16:46:22Z" level=error msg="Failed to parse authorization request: Invalid client_id (\"\")."
time="2023-06-28T16:46:22Z" level=error msg="Failed to parse authorization request: Invalid client_id (\"\")."
I am having the same issue with Failed to parse authorization request: Invalid client_id (""), Have anyone found a solution or a workaround for this or this issue still persists?
Using HELM : https://artifacthub.io/packages/helm/dex/dex Application version: 2.37.0
