cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon smallstep

[Bug]: Step-cli: error generating OIDC token: exec "step oauth" failed

Open Gauss23 opened this issue 1 month ago • 1 comments

Steps to Reproduce

  • Download step-cli for Windows (amd64).
  • Extract the folder
  • run step ssh certificate key-id key-file --ca-url https://step-ca-url --root your_root_cert.pem --provisioner=name_of_provisioner

Your Environment

  • OS - Windows 11 23H2
  • step CLI Version - Smallstep CLI/0.28.7 (windows/amd64)

Expected Behavior

I would expect it to open the Identity provider in a new browser window.

Running step oauth --provider https://your-idp --listen :10000 --client-id id --client-secret secret works fine.

I also notice that the step-cli under Windows seems to have some output issues.

When I just run step it says:

step
←[0;1;99mNAME←[0m
      ←[0;1;99mstep←[0m -- plumbing for distributed systems

←[0;1;99mUSAGE←[0m
      ←[0;1;99mstep←[0m ←[0;4;39mcommand←[0m ←[0;4;39m[arguments]←[0m

←[0;1;99mOPTIONS←[0m
      ←[0;1;99m--help←[0m, ←[0;1;99m-h←[0m
          show help

      ←[0;1;99m--config←[0m=←[0;4;39mvalue←[0m
          path to the config file to use for CLI flags

      ←[0;1;99m--version←[0m, ←[0;1;99m-v←[0m
          print the version

so I guess the 2 topics could be combined. step ssh certificate would need to contact the Step server and gets the OIDC info back. Maybe those funny characters are also included when it tries to build the oauth string. I can see the step-cli contacting the step-server and queries the list of provisioners. On the IdP I can't see any activity.

Actual Behavior

Output is: error generating OIDC token: exec "step oauth" failed

Additional Context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Gauss23 avatar Nov 24 '25 16:11 Gauss23

Update: using step.exe in a Windows-cmd window and in a PowerShell Windows is not working for the OIDC workflow.

But switching to a terminal, which can handle the output is working. Tested with the integrated terminal in VS Code. So it definitely has something to do with the color-control-characters. Is there a way to get rid off the colors if the console does not support it? There was already a discussion about this issue: https://github.com/smallstep/certificates/issues/1709

Gauss23 avatar Nov 25 '25 08:11 Gauss23