fix: Specify client authn method
This is needed because if the method is not specified, the go client
will try to hit the token endpoint again, but with a different client
authn method if the first one fails. The problem is that the go client
does not try to parse the error it got from the provider, which in the
device flow most of the time will be authorization_pending.
nsklikas committed Mar 29, 2024
1 parent ccf584a commit 4e82701
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion hack/flow-test/main.go
Expand Up @@ -202,6 +202,7 @@ func deviceFlow(specs *EnvSpec, logger *zap.SugaredLogger) {
AuthURL: specs.AuthURL,
TokenURL: specs.TokenURL,
DeviceAuthURL: specs.DeviceAuthURL,
AuthStyle: oauth2.AuthStyleInHeader,
}
}
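Review bot: the added `AuthStyle: oauth2.AuthStyleInHeader` field in the endpoint literal inside `deviceFlow` carries no comment, so the reason for pinning it lives only in the commit message. A one-line comment above the field, saying that an unset style makes the client retry the token endpoint with a different client authn method and that this misfires on `authorization_pending` during device-flow polling, would stop a later cleanup from removing it. With the style now fixed, the test also depends on the client being registered for header-based (HTTP Basic) client authentication, which is worth noting in the same comment.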

Expand Down Expand Up @@ -238,7 +239,7 @@ run the following command: $(KUBECTL) get secret -o yaml iam-tls | yq '.data'
copy the ca.crt and tls.crt into /usr/local/share/ca-certificates/ and run update-ca-certificates
to get those certs added to the system pool (and trust them), you might need to do
the same (trust) in your chrome/firefox/safari browser
after that you should be able to point openssl or certigo to the forwarded ingress on your localhost (port 8443) and
after that you should be able to point openssl or certigo to the forwarded ingress on your localhost (port 8443) and
verify that the cert is valid
############################################################
use the hydra cli to create a client:
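Review bot: the changed help-text line ("after that you should be able to point openssl or certigo to the forwarded ingress ...") reads the same before and after, so this looks like a whitespace-only edit unrelated to the authn-method fix; drop it from this commit or move it to a separate cleanup. If the help text is touched anyway, the "use the hydra cli to create a client:" step is where to state that the client has to be created with a token endpoint auth method matching the header style the test now sends, since a mismatch would make every token request fail.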