After launching k8s-oidc-helper it shows Enter the code Google gave you: without opening the browser.
Even running with -o false doesn't output the approval url in the console.

I'm not a GoLang guru how can i debug this issue?

Workaround:
Manually creating the url using oauthUrl and clientID works fine

Use case: We are making a command line tool which will authenticate with google and configure the kubernetes access.

We thought of using the code here but:

1. We do not want to create client id and secret for every developer.
2. Also, we cannot hard code client id and secret in the binary as this client id and secret can be used to impersonate the application.

Please suggest.

More information -

• kubernetes/kubernetes#37822
• https://stackoverflow.com/questions/55836757/can-google-client-id-and-client-secret-credential-be-exploited-by-a-non-org-memb
• https://stackoverflow.com/questions/55829927/use-google-as-the-oidc-provider-without-leaking-client-secret

Given this docker command

docker run -it -v $(pwd)/client_secret.json:/client_secret.json micahhausler/k8s-oidc-helper:latest bin/k8s-oidc-helper -c /client_secret.json

I expect a successful run, instead I get.

[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x74c352]

goroutine 1 [running]:
github.com/micahhausler/k8s-oidc-helper/internal/helper.GetToken(0xc4203d2a00, 0x49, 0xc42037dca0, 0x18, 0xc420462d90, 0x1, 0x0, 0x0, 0x0)
	/go/src/github.com/micahhausler/k8s-oidc-helper/internal/helper/helper.go:54 +0x542
main.main()
	/go/src/github.com/micahhausler/k8s-oidc-helper/main.go:74 +0x5e6

Context

OSX machine running docker edge 18.02.0-ce-rc2-mac51 (22446)
The tool runs fine outside of the docker context with the same client secret file.

If there is more context that would be useful I am more than happy to provide.

All of my users are 'all of a sudden' seeing this when trying to use kubectl

Unable to connect to the server: failed to refresh token: oauth2: cannot fetch token: 400 Bad Request
Response: {
  "error": {
    "code": 400,
    "message": "Request contains an invalid argument.",
    "status": "INVALID_ARGUMENT"
  }
}

Any ideas?

I installed the k8s-oidc-helper package with go using go get github.com/micahhausler/k8s-oidc-helper and it gave me permission issues. But then i ran it with sudo and it worked. But when i try k8s-oidc-helper --version it gives command not found
I am using a VM running Ubuntu 16.04LTS for this.
kubernetes version - v1.7.2

version: k8s-oidc-helper v0.1.0
platform: macosx

steps to reproduce:

• install an aws cluster with kops
• export KUBECONFIG=$(pwd)/my-kube.config
• kops export kubecfg --name=my-cluster.example.com
• k8s-oidc-helper-darwin-amd64 --client-id=xxxx.apps.googleusercontent.com --client-secret=xxxxxxx --config $KUBECONFIG --write true

Error reading config file my-kube.config: invalid character 'a' looking for beginning of value

Implement goreleaser and create homebrew tap.

Hi Micah,

I've noticed that this project isn't compatible with Kubernetes 1.10. There are two open PRs #14 and #16 that solves this problem in different ways, but neither of them are merged or have received comments from you.

Are you planning to continue maintain this project, or would it be better if someone else took over?

Regards,
Gustav

When running the k8s-oidc-helper command it will direct me to the application I've created in the google console. However, it will return a 400 response stating the current flow is against google's security policy and the current flow needs to be changed. Further information can be found here: https://developers.google.com/identity/protocols/oauth2/resources/oob-migration.
Is there a potential fix for this?

Thanks

Hi,

Thanks for this great tool. I am running into an issue where tokens generated with k8s-oidc-helper are not working and get error: You must be logged in to the server (Unauthorized). And Kuberenetes api server logs has:

E1003 19:03:27.751405       1 authentication.go:63] Unable to authenticate the request due to an error: [invalid bearer token, [invalid bearer token, invalid bearer token]]

I have tried tokens generated with different means and they worked. I am not sure if i am missing something but could it be that token generation is out of date or something?

Thanks!

-abdul

How do you add cluster details in kubeconfig

since cluster is blank the config generated from this tool does not work

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: XXXX
    server: XXXX
    name: XXX

Does this needs to be done manually?
cc @micahhausler

sorry wrong thread !