kubie icon indicating copy to clipboard operation
kubie copied to clipboard
verified publisher icon sbstp

OIDC support

Open dimm0 opened this issue 4 years ago • 6 comments

When using OIDC with refresh tokens, need to restart the session to update the token (if token was updated outside of the session by another client)

To reproduce: use k8s via OIDC in kubie session and regular one. Kubie session will break once the toke is refreshed.

dimm0 avatar Feb 17 '21 00:02 dimm0

Ah I see, yeah it has to be done by another session. I think that maybe I could add something to refresh the temporary kubeconfig file that I create from the original file if the original changes.

sbstp avatar Mar 06 '21 18:03 sbstp

Also if token is refreshed inside kubie first, it breaks the main one - the refresh token is already used, and main one can't refresh

dimm0 avatar Mar 07 '21 03:03 dimm0

So how do you fix the problem, if the token is refreshed in the temporary kubie file, what happens to the main file? How do you fix it?

sbstp avatar Mar 08 '21 02:03 sbstp

I don't fix it now, just get a new config file with a new token..

dimm0 avatar Mar 08 '21 19:03 dimm0

This is also an issue with Client TLS Certs that are issued with short durations... our tooling issues 12hr certs for cluster-admins. Which means that if I left any Kubie sessions open in my terminal, I have to re-run kubie ctx ... to re-copy the config, otherwise I get all kinda of Kubie errors (can't auth to validate namespaces, etc).

Refreshing the KUBIE_KUBECONFIG file if the original changes would solve this problem.

TyBrown avatar Mar 30 '21 04:03 TyBrown