Hidetake Iwata

I'm thinking side effects of this change...

When Kubernetes API server received an ID token (JWT) from kubectl, it verifies the signature of token against the issuer certificate. See the doc for details. >5. The API server...

Thank you for your reports. I'm considering adding a timeout of authentication. It seems the below lines may block. https://github.com/int128/oauth2cli/blob/v1.12.1/server.go#L64-L66

https://github.com/int128/oauth2cli/pull/51 may fix this issue. I will release the new version of kubelogin later.

I just released https://github.com/int128/kubelogin/releases/tag/v1.20.1 and please try using it.

I added the authentication timeout (default 180 sec) in https://github.com/int128/kubelogin/releases/tag/v1.21.0. It may fix this issue but still #389 is needed for a fundamental solution.

Thank you for your detailed report! >With the CLI, I get a transport error when I close a tab, then I get the get-token error after 3 minutes and a...

Let me clarify. Did you see the success page after login like below?  According to the log, the browser accessed the following URLs: 1. `http://localhost:8000` (kubelogin local server) 1....

It seems the kube-apiserver does not accept a token. Would you check the log of kube-apiserver? ```sh # tail the log kubectl logs -n kube-system --tail=10 -f kube-apiserver-ip-xxxxxxxx # try...

You can dump the claims of token by passing `-v1` option to kubelogin.