kubelogin icon indicating copy to clipboard operation
kubelogin copied to clipboard

Published 20 hours ago verified publisher icon int128

authcode-keyboard does not work with docker command

Open prashantchitta opened this issue 2 years ago • 2 comments

Describe the question

authcode-keyboard does not work with oidc docker command

To reproduce

I am using the following config

users:
- name: oidc
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: docker
      args:
      - run
      - --rm
      - -v
      - /tmp/.token-cache:/.token-cache
      - -p
      - 8000:8000
      - ghcr.io/int128/kubelogin
      - get-token
      - --token-cache-dir=/.token-cache
      - --listen-address=0.0.0.0:8000
      - --oidc-issuer-url=<oidc_url>
      - --oidc-client-id=kubelogin-app
      - --oidc-client-secret=<secret>
      - --oidc-extra-scope=email
      - --oidc-extra-scope=profile
      - --oidc-extra-scope=groups
      - --authentication-timeout-sec=1800
      - --grant-type=authcode-keyboard

I get the following error. It is not allowing me to enter the code. I get continuous error message like below

kubectl get nodes
Please visit the following URL in your browser: https://<oidc-url>/auth?access_type=offline&client_id=kubelogin-app&code_challenge=S05tMjs38Ad-udRXe49bEElM4GCMZaXpBVaUwQrxDZ0&code_challenge_method=S256&nonce=J5A4SWjmyCLbcI6QRtgDgNXJBLIJbv7bJSxJHDdcA64&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=email+profile+groups+openid&state=FRMNv9BZsz0ivo5YUOMPprOmE1-NJNv6TJz0YSyvp1s
Enter code: error: get-token: authentication error: authcode-keyboard error: could not read an authorization code: read error: EOF
Please visit the following URL in your browser: https://<oidc-url>/auth?access_type=offline&client_id=kubelogin-app&code_challenge=9TF1nUJr2oT0cse5XcSJRqoO33jwUAK7S7VuOobQl_s&code_challenge_method=S256&nonce=BI71KnPjYukYC8uMr_RgLPV1_7B8JjTI9LfynFDoyGo&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=email+profile+groups+openid&state=rjX_2BHjvSBjl29SzygD3oZvH7iZmf5WQ0moLDdkG-0
Enter code: error: get-token: authentication error: authcode-keyboard error: could not read an authorization code: read error: EOF
Please visit the following URL in your browser: https://<oidc-url>/auth?access_type=offline&client_id=kubelogin-app&code_challenge=G9PHgb47HfWz_pd7qkB__EY5RonldE5cuoGZCMYzfK4&code_challenge_method=S256&nonce=ceU9E10f23fcREbyhF7WQblNU4L1RJ0VCD2RFn7MMoA&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=email+profile+groups+openid&state=vm89U1V4pSLSYxR8zeXIYmyBNWh8Orap_onRliYkGc4
Enter code: error: get-token: authentication error: authcode-keyboard error: could not read an authorization code: read error: EOF

Your environment

  • OS: macOS
  • kubectl version: 1.22
  • OpenID Connect provider: dex

prashantchitta avatar Jul 21 '22 23:07 prashantchitta

Could you try -it flag of the docker args?

int128 avatar Jul 22 '22 13:07 int128

@int128 Does not work. When i add -it to the docker command, kubectl commands are just stuck.

prashant.chitta@MREME62D8A88 ~ % kubectl get nodes

prashantchitta avatar Jul 22 '22 16:07 prashantchitta