
cannot get token when using password grant_type due to "Requested connector does not exist."

Open zeddit opened this issue 2 years ago • 3 comments

Preflight Checklist

  • [X] I agree to follow the Code of Conduct that this project adheres to.
  • [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • [X] I am not looking for support or already pursued the available support channels without success.

Version

2.37.0

Storage Type

SQLite

Installation Type

Official Helm chart

Expected Behavior

When requesting with the following URL, a token will be returned.

curl -i -X POST -d 'grant_type=password'  -d 'client_id=example-app' -d 'client_secret=ZXhhbXBsZS1hcHAtc2VjcmV0'  -d 'scope=openid' -d 'connector_id=ldap' http://127.0.0.1:5556/dex/token

Actual Behavior

curl -i -X POST http://127.0.0.1:5556/dex/token
{"error":"unsupported_grant_type"}%

curl -i -X POST -d 'grant_type=password'  http://127.0.0.1:5556/dex/token
{"error":"invalid_client","error_description":"Invalid client credentials."}%

curl -i -X POST -d 'grant_type=password'  -d 'client_id=example-app' http://127.0.0.1:5556/dex/token
{"error":"invalid_client","error_description":"Invalid client credentials."}%

curl -i -X POST -d 'grant_type=password'  -d 'client_id=example-app' -d 'client_secret=ZXhhbXBsZS1hcHAtc2VjcmV0'  http://127.0.0.1:5556/dex/token
{"error":"invalid_request","error_description":"Missing required scope(s) [\"openid\"]."}%

curl -i -X POST -d 'grant_type=password'  -d 'client_id=example-app' -d 'client_secret=ZXhhbXBsZS1hcHAtc2VjcmV0'  -d 'scope=openid' http://127.0.0.1:5556/dex/token
{"error":"invalid_request","error_description":"Requested connector does not exist."}%

curl -i -X POST -d 'grant_type=password'  -d 'client_id=example-app' -d 'client_secret=ZXhhbXBsZS1hcHAtc2VjcmV0'  -d 'scope=openid' -d 'connector_id=ldap' http://127.0.0.1:5556/dex/token
{"error":"invalid_request","error_description":"Requested connector does not exist."}%

Steps To Reproduce

No response

Additional Information

No response

Configuration

I used the official ldap docker-compose file and config-ldap.yaml

Logs

No response

zeddit avatar Nov 20 '23 10:11 zeddit

Can anyone provide insight into this? I can replicate the same issue on dexip/dex:v2.36.0 using oauth2-proxy:v7.5.1 as the callback.

Is there even an ability to do an api call to dex with ldap creds to retrieve the bearer token?

Edit: Looks like /token is for token exchange and only available for oidc (https://dexidp.io/docs/connectors/oidc/) connectors. So LDAP is outta luck.

dekaiser123 avatar Sep 12 '24 09:09 dekaiser123

@dekaiser123 @zeddit, please try to add the following parameter into your configuration file and increase your image version:

...
oauth2:
  passwordConnector: ldap # ldap connector id
...

casbre4212 avatar Oct 09 '24 18:10 casbre4212
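
A preflight for the password-grant request discussed above, added here as an example (not code from Dex or from the commenters): it checks a parsed config and a form body for the conditions the errors in this thread point to. The config dicts are constructed, and the `username`/`password` form fields are taken from RFC 6749 section 4.3.2 rather than from the thread.

```python
# Added example: preflight for a Dex password-grant request (not Dex's own code).
from urllib.parse import parse_qs, urlencode

# Constructed config, shaped like a parsed Dex YAML file (e.g. from yaml.safe_load).
BROKEN = {
    "connectors": [{"type": "ldap", "id": "ldap", "name": "OpenLDAP"}],
    "staticClients": [{"id": "example-app", "secret": "ZXhhbXBsZS1hcHAtc2VjcmV0"}],
}
# Same config with the setting suggested in the thread.
FIXED = {**BROKEN, "oauth2": {"passwordConnector": "ldap"}}


def preflight(config, body):
    """Return the problems that would keep grant_type=password from succeeding."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    problems = []
    if form.get("grant_type") != "password":
        problems.append("grant_type must be 'password'")
    clients = {c["id"]: c.get("secret") for c in config.get("staticClients", [])}
    cid = form.get("client_id")
    if cid not in clients or clients[cid] != form.get("client_secret"):
        problems.append("client_id/client_secret do not match a static client")
    if "openid" not in form.get("scope", "").split():
        problems.append("scope must include 'openid'")
    # In the thread, sending connector_id did not help; the server-side setting did.
    wanted = config.get("oauth2", {}).get("passwordConnector")
    ids = {c["id"] for c in config.get("connectors", [])}
    if not wanted:
        problems.append("oauth2.passwordConnector is not set")
    elif wanted not in ids:
        problems.append(f"oauth2.passwordConnector '{wanted}' matches no connector id")
    # RFC 6749 section 4.3.2: the resource owner's credentials are required.
    for field in ("username", "password"):
        if not form.get(field):
            problems.append(f"missing form field '{field}'")
    return problems


def build_body(client_id, client_secret, username, password, scope="openid"):
    """URL-encode the form so special characters in credentials survive."""
    return urlencode({"grant_type": "password", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope,
                      "username": username, "password": password})
```
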

@casbre4212, thanks, this did the trick, and I did not need to uprev the dex image version.

But it looks like this method is not useful, since I'm trying to retrieve a bearer token from one of the redirect URLs under:

...
 staticClients:
    - id: oauth2-proxy
      redirectURIs:
      - <url1>i.e. k8s dashboard
...

Seems that I need an authorisation code and to pass it into the dex/token API call to get the token.

dekaiser123 avatar Oct 15 '24 01:10 dekaiser123